#http

Fetch any URL and analyse its HTTP response security headers — grading the site A+ to F the way securityheaders.com and Mozilla Observatory do. Pass a URL and the service makes the request server-side (following redirects), then reports which protective headers are present, which are missing (with concrete remediation advice) and which response headers leak information. Graded headers include Strict-Transport-Security (HSTS), Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy and Cross-Origin-Opener-Policy; information-leak headers include Server and X-Powered-By. A companion endpoint returns every raw response header. Private and internal targets are refused (SSRF-guarded). Built for security audits, CI/CD security gates, attack-surface reviews and compliance checks. A security-header grader — distinct from the SSL/TLS certificate check (sslcheck), host reachability (hostcheck), the IANA HTTP status-code reference (http) and the on-page SEO audit (seo). No upstream key, no cache.

api.oanor.com/secheaders-api

Eine saubere, programmatische Referenz für HTTP-Semantik, basierend auf den offiziellen IANA-Registern. Schlagen Sie jeden Statuscode mit seiner Begründung und Klasse nach (404 → Not Found, Client Error; 503 → Service Unavailable, Server Error), listen Sie eine ganze Klasse auf (4xx, 5xx…); schlagen Sie jede Methode mit ihren safe/idempotent-Flags nach (GET → safe + idempotent, POST → keines, DELETE → idempotent); oder schlagen Sie die 255 registrierten HTTP-Header-Felder (Content-Type, Authorization, …) mit ihrem Registrierungsstatus nach oder durchsuchen Sie sie. Ideal für API-Tooling, HTTP-Clients, Dokumentation, Linter, Lernressourcen und Fehlerseiten.

api.oanor.com/http-api