Security Headers Inspector

Inspect security headers for a URL to check for adherence to current best practices

GET


                    api/v1/inspect-headers

Inspect security headers for a URL to check for adherence to current best practices

Rate Limiting

Standard rate limits apply to this endpoint.

Authentication

This endpoint requires authentication via API key. You can use the sandbox mode for testing without registering. See the authentication guide for details.

Query Parameters

Parameter	Type	Required	Description
`url`	string	Required	The url parameter

Response details for this API endpoint. See the response format guide for the standard response structure.

Example Response

{
    "status": "success",
    "http_code": 200,
    "code": "SUCCESS",
    "message": "Security headers inspected successfully",
    "data": {
        "url": "https://example.com",
        "status_code": 200,
        "headers": {
            "Content-Security-Policy": "default-src 'self'",
            "X-Content-Type-Options": "nosniff",
            "X-Frame-Options": "DENY",
            "X-XSS-Protection": "1; mode=block"
        },
        "missing": [
            "Strict-Transport-Security"
        ],
        "grade": "B"
    }
}

Example Usage

Here's how to use this endpoint in various languages. For more examples, see our code examples page.

cURL

curl -X GET \
    "https://apixies.io/api/v1/inspect-headers" \
    -H "X-API-Key: YOUR_API_KEY"

JavaScript

fetch("https://apixies.io/api/v1/inspect-headers", {
    method: "GET",
    headers: {
        "Content-Type": "application/json",
        "X-API-Key": "YOUR_API_KEY"
    }
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error("Error:", error));

PHP

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, "https://apixies.io/api/v1/inspect-headers");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    "Content-Type: application/json",
    "X-API-Key: YOUR_API_KEY"
]);

$response = curl_exec($ch);
curl_close($ch);

echo $response;

Try It Yourself

Test this endpoint directly from your browser using our API sandbox. No authentication required for testing.

Try API Endpoint

This is a limited sandbox environment.

For higher limits (75 requests/day), register for a free account.

API Endpoint

/

Sandbox API Usage Get full API access

No token information available

Sandbox (no account): 50 requests per token, 1 token per day, 24-hour expiry

Your session has expired. A new token will be created automatically.

Your daily Sandbox API quota has been exhausted. Please try again tomorrow.

Need higher limits? Register for free and get 75 requests/day.

Unable to validate your API token.

Response

Send a request to see the response

Common Use Cases

Security compliance auditing

Automatically scan your web properties for missing security headers like HSTS, CSP, and X-Frame-Options. Generate compliance reports for security reviews.

Competitive security analysis

Compare your site's security header configuration against competitors. Identify gaps and prioritize header implementations.

CI/CD security gate

Add a security headers check to your deployment pipeline. Block releases that remove critical security headers from staging or production environments.

Related API Endpoints

Explore related endpoints that work well with Security Headers Inspector.

GET SSL Health Inspector

Inspect SSL certificate details for a domain, including validity, expiry and chain health

GET Redirect Tracer

Follow a URL's redirect chain and report each hop with status code

GET Meta Tag Extractor

Extract OpenGraph, Twitter Card, and standard meta tags from any URL

Getting Started

Explore

Resources

Get Started Free

Free for development and small projects.

Get Free API Key

Share Your Feedback

Suggest a micro‑API