Mozilla HTTP Scanner
Free API for scanning HTTP security headers and configuration compliance
Overview
The Mozilla HTTP Scanner API (part of Mozilla Observatory) automates security audits of web properties for HTTP header best practices and configuration issues. Key endpoints include POST /api/v1/scan (submit a site for scanning) and GET /api/v1/results/{host} (retrieve scan results). Responses are JSON-formatted, providing scores, detailed issue breakdowns (e.g., missing HSTS, insecure CORS policies), and actionable recommendations. Use cases include integrating security checks into CI/CD pipelines, auditing domain portfolios for compliance with OWASP guidelines, and monitoring changes in HTTP security posture over time.
Example Integration (JavaScript)
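// This URL is the API documentation page on GitHub (HTML), not a JSON
// endpoint, so the body is read as text rather than parsed with res.json().
fetch('https://github.com/mozilla/http-observatory/blob/master/httpobs/docs/api.md')
  .then(res => {
    // fetch() only rejects on network failure, so check the status explicitly.
    if (!res.ok) throw new Error(`HTTP ${res.status}`);
    return res.text();
  })
  .then(data => console.log(data))
  .catch(err => console.error(err));
Key Features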
- RESTful API
- JSON Response Format
- HTTP Security Header Scanning
- Compliance Auditing
- Open Source Implementation
Frequently Asked Questions
Is Mozilla HTTP Scanner free to use?
Yes, the API is completely free and open-source, with no cost for scanning websites.
Does it require an API key?
Basic scan operations do not require an API key, but higher rate limits or advanced features may require authentication via an API key obtained from Mozilla.
What is the response format?
All API responses are in JSON format, including scan results, status updates, and error messages.
Tool Info
Pros
- ⊕ Free to use
- ⊕ Comprehensive security insights
- ⊕ CI/CD automation-friendly
- ⊕ Transparent open-source codebase
- ⊕ Aligns with Mozilla and OWASP security standards
Cons
- ⊖ Rate-limited for public usage
- ⊖ No official service level agreement (SLA)
- ⊖ Potential scan delays during peak traffic
- ⊖ Limited advanced threat intelligence compared to enterprise tools