FREE TO SCAN · NO ACCOUNT NEEDED

Stop guessing
Fix your headers.

Scan any URL. Get a security score. Get the exact fix for your stack — FastAPI, Express, Django, Nginx, or Caddy.

7 HEADERS CHECKED
100 POINT SCORE
5 STACKS SUPPORTED

// CAPABILITIES

Not a proxy.
A fixer.

Instant Analysis

Scan any public URL in under 2 seconds. No account, no config, no waiting. Paste URL, get results.

Stack-Specific Fixes

Tell us you're on FastAPI, Express, Django, Nginx, or Caddy. Get the exact code to paste — not generic advice.

7 Headers Scored

CORS, CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy — all weighted and graded.

CI/CD Integration

Block deploys when security headers drop below your threshold. One line in your GitHub Actions workflow.

REST API

POST /scan and get structured JSON back. Integrate header security checks into your own tools and dashboards.

npx CLI

Run npx headerguard scan from your terminal. Zero install. Works offline with local API.

// CLI & CI/CD

One command.
Zero config.

terminal
# Scan any URL
$ npx headerguard scan https://api.myapp.com --stack fastapi
 
HeaderGuard Security Report
──────────────────────────────────────────────────
URL https://api.myapp.com
Score ████████░░ 42/100
Grade D
Summary 4 header(s) need attention.
 
✗ Content-Security-Policy 0/25
No CSP. XSS attacks have no mitigation.
⚠ CORS (Access-Control-Allow-Origin) 10/25
Wildcard (*) — risky for authed endpoints.
✗ Referrer-Policy 0/5
✗ Permissions-Policy 0/5
 
# Use in GitHub Actions
$ npx headerguard scan https://api.myapp.com --fail-below 70
✗ Score 42 is below threshold 70. Failing.

// .github/workflows/security.yml
- name: Security Header Check
  run: npx headerguard scan ${{ vars.API_URL }} --fail-below 70 --stack fastapi

// PRICING

Simple.
No surprises.

FREE
$0
forever
  • 50 scans / day
  • Full header analysis
  • Generic fix snippets
  • REST API access
  • CLI tool
TEAM
$97
per month
  • Everything in Pro
  • Multi-domain monitoring
  • Slack / webhook alerts
  • Weekly PDF reports
  • Team seats (up to 10)
  • SLA support