{"id":23074494,"url":"https://github.com/iamazeem/security-headers-action","last_synced_at":"2025-08-08T15:40:20.604Z","repository":{"id":154481650,"uuid":"631185871","full_name":"iamazeem/security-headers-action","owner":"iamazeem","description":"GitHub Action to analyze HTTP response headers using securityheaders.com API (Linux, macOS, Windows)","archived":false,"fork":false,"pushed_at":"2024-09-19T09:24:51.000Z","size":42,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-03T11:45:16.855Z","etag":null,"topics":["github-action","github-composite-action","security-headers","security-headers-scanner"],"latest_commit_sha":null,"homepage":"https://github.com/iamazeem/security-headers-action","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/iamazeem.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-04-22T07:52:53.000Z","updated_at":"2024-09-19T09:24:54.000Z","dependencies_parsed_at":null,"dependency_job_id":"b15e2a9e-a4f6-4e30-99b4-6cbaa9919b89","html_url":"https://github.com/iamazeem/security-headers-action","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/iamazeem/security-headers-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamazeem%2Fsecurity-headers-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamazeem%2Fsecurity-headers-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamazeem%2Fsecurity-headers-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamazeem%2Fsecurity-headers-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/iamazeem","download_url":"https://codeload.github.com/iamazeem/security-headers-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iamazeem%2Fsecurity-headers-action/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269447305,"owners_count":24418744,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-08T02:00:09.200Z","response_time":72,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github-action","github-composite-action","security-headers","security-headers-scanner"],"created_at":"2024-12-16T08:28:40.724Z","updated_at":"2025-08-08T15:40:20.545Z","avatar_url":"https://github.com/iamazeem.png","language":"Shell","readme":"# security-headers-action\n\n[![CI](https://github.com/iamazeem/security-headers-action/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/iamAzeem/security-headers-action/actions/workflows/ci.yml)\n[![License: MIT](https://img.shields.io/badge/license-MIT-darkgreen.svg?style=flat-square)](https://github.com/iamAzeem/security-headers-action/blob/master/LICENSE)\n[![GitHub release](https://img.shields.io/github/v/release/iamazeem/security-headers-action?style=flat-square)](https://github.com/iamazeem/security-headers-action/releases)\n\n[GitHub Action](https://docs.github.com/en/actions) to analyze HTTP response\nheaders using [securityheaders.com](https://securityheaders.com/)\n[API](https://securityheaders.com/api/docs/).\n\nThis\n[composite](https://docs.github.com/en/actions/creating-actions/about-custom-actions#types-of-actions)\naction uses standard\n[Bash](https://www.gnu.org/savannah-checkouts/gnu/bash/manual/bash.html)\nfacilities along with [`curl`](https://curl.se/) and\n[`jq`](https://stedolan.github.io/jq/).\n\nTested on Linux, macOS, and Windows GHA runners. See\n[CI workflow](./.github/workflows/ci.yml) for details.\n\n## Usage\n\n### Inputs\n\n|           Input            | Required | Default | Description                                                                                     |\n| :------------------------: | :------: | :-----: | :---------------------------------------------------------------------------------------------- |\n|         `api-key`          |  `true`  |         | API key from https://securityheaders.com/api/                                                   |\n|      `domain-or-url`       |  `true`  |         | Domain or URL to analyze HTTP response headers                                                  |\n|     `follow-redirects`     | `false`  | `true`  | Follow redirect status codes                                                                    |\n| `hide-results-on-homepage` | `false`  | `true`  | Hide results on homepage                                                                        |\n|  `api-timeout-in-seconds`  | `false`  |  `30`   | API timeout in seconds (must be +ve, -ve value means default)                                   |\n| `max-retries-on-api-error` | `false`  |   `0`   | Maximum number of retries on API error (must be +ve; -ve value means default)                   |\n|      `expected-grade`      | `false`  |         | Expected grade [A+ to F; or maybe R if `follow-redirects: false`] (invalid value means default) |\n\n- To store the API key, prefer using GitHub Actions\n  [secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets).\n\n- The grade lower than `expected-grade` will result in failure.\n\n### Outputs\n\n|      Output       | Description                                                        |\n| :---------------: | :----------------------------------------------------------------- |\n| `results-as-json` | Complete results in JSON format                                    |\n| `summary-as-json` | Extracted summary in JSON format                                   |\n|      `grade`      | Extracted grade [A+ to F; or maybe R if `follow-redirects: false`] |\n\n### Examples\n\n#### Analyze and print output in the next step\n\n```yaml\n- name: Analyze HTTP response headers\n  uses: iamazeem/security-headers-action@v1\n  id: analyze\n  with:\n    api-key: ${{ secrets.API_KEY }}\n    domain-or-url: securityheaders.com\n\n- name: Print output\n  env:\n    RESULTS_AS_JSON: ${{ steps.analyze.outputs.results-as-json }}\n    SUMMARY_AS_JSON: ${{ steps.analyze.outputs.summary-as-json }}\n    GRADE: ${{ steps.analyze.outputs.grade }}\n  run: |\n    jq '.' \u003c\u003c\u003c\"$RESULTS_AS_JSON\"\n    jq '.' \u003c\u003c\u003c\"$SUMMARY_AS_JSON\"\n    echo \"GRADE: [$GRADE]\"\n```\n\n#### Analyze and fail on an unexpected grade\n\n```yaml\n- name: Analyze HTTP response headers\n  uses: iamazeem/security-headers-action@v1\n  id: analyze\n  with:\n    api-key: ${{ secrets.API_KEY }}\n    domain-or-url: securityheaders.com\n    expected-grade: A+                    # should fail on lower grade\n```\n\n#### Analyze and retry on failure\n\n```yaml\n- name: Analyze HTTP response headers\n  uses: iamazeem/security-headers-action@v1\n  id: analyze\n  with:\n    api-key: ${{ secrets.API_KEY }}\n    domain-or-url: securityheaders.com\n    max-retries-on-api-error: 2           # will retry on failure\n```\n\n## Contribute\n\nYou may\n[create issues](https://github.com/iamazeem/security-headers-action/issues/new/choose)\nto report bugs or propose new features and enhancements.\n\nPRs are always welcome. Please follow this workflow for submitting PRs:\n\n- [Fork](https://github.com/iamazeem/security-headers-action/fork) the repo.\n- Check out the latest `main` branch.\n- Create a `feature` or `bugfix` branch from `main`.\n- Commit and push changes to your forked repo.\n- Make sure to add tests. See [CI](./.github/workflows/ci.yml).\n- Lint and fix\n  [Bash](https://www.gnu.org/savannah-checkouts/gnu/bash/manual/bash.html)\n  issues with [shellcheck](https://www.shellcheck.net/) online or with\n  [vscode-shellcheck](https://github.com/vscode-shellcheck/vscode-shellcheck)\n  extension.\n- Lint and fix README Markdown issues with\n  [vscode-markdownlint](https://github.com/DavidAnson/vscode-markdownlint)\n  extension.\n- Submit the PR.\n\n## License\n\n[MIT](LICENSE)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiamazeem%2Fsecurity-headers-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fiamazeem%2Fsecurity-headers-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiamazeem%2Fsecurity-headers-action/lists"}