# HTTP Security Headers API

> Paid x402 API for AI agents that audits HTTP security headers, HSTS, Content-Security-Policy, X-Frame-Options, Referrer-Policy, Permissions-Policy and web security scan findings for a public URL.

Intent: x402 security headers API, HTTP security headers API, HSTS CSP scanner API, web security scan API

## Discovery

- OpenAPI: https://api.x402dataapi.com/openapi.json
- x402 catalog: https://api.x402dataapi.com/.well-known/x402-catalog.json
- Capabilities: https://api.x402dataapi.com/capabilities
- Pricing: https://api.x402dataapi.com/pricing

## Tags

- x402
- ai-agents
- http-security
- security-headers
- hsts
- csp
- x-frame-options
- referrer-policy
- permissions-policy
- web-security-scan

## Endpoint

- Method: POST
- URL: https://api.x402dataapi.com/v1/http-security
- Price: 0.002 USDC
- Network: eip155:8453

## Input schema

```json
{
  "type": "object",
  "properties": {
    "url": {
      "type": "string",
      "format": "uri",
      "description": "Public http or https URL to inspect"
    }
  },
  "required": [
    "url"
  ]
}
```

## Output example

```json
{
  "url": "https://example.com",
  "status": 200,
  "score": 80,
  "missing": []
}
```

## curl without payment

```bash
curl -X POST https://api.x402dataapi.com/v1/http-security -H 'Content-Type: application/json' -d '{"url":"https://example.com"}'
```

## x402 payment behavior

Unsigned paid calls return HTTP 402 with a PAYMENT-REQUIRED header. Pay with x402, then retry with PAYMENT-SIGNATURE.

## Agent use case

HTTP security headers, response status, score and missing header analysis for a public URL.

## Discovery keywords

x402 security headers API, HTTP security headers API, HSTS CSP scanner API, web security scan API