Scan security headers on any website -- CSP, HSTS, X-Frame-Options, and more -- using Spider Cloud, the fastest web crawling infrastructure.
Live Demo: https://security-scanner.spider.cloud
- 10 security header checks: HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, X-XSS-Protection, COOP, CORP, HTTPS
- Weighted scoring with A/B/C/F letter grades
- Severity levels: critical, high, medium, low
- Expandable per-page detail view
- Sortable and filterable results by grade
- Real-time JSONL streaming results via Spider Cloud API
- Export reports as JSON, CSV, or Markdown
- Supabase authentication (GitHub & Discord)
- Cross-app switcher to jump between all Spider Cloud tools with the current URL pre-filled
- Node.js 18+
- A Spider Cloud account with API credits
- Supabase project for authentication
- Clone the repository:
git clone https://github.com/spider-rs/spider-security-scanner.git
cd spider-security-scanner- Install dependencies:
npm install- Configure environment variables:
cp .env.local .envEdit .env and add your Supabase and Spider Cloud credentials:
NEXT_PUBLIC_SUPABASE_URL=your_supabase_url
NEXT_PUBLIC_SUPABASE_ANON_KEY=your_supabase_anon_key
NEXT_PUBLIC_API_URL=https://api.spider.cloud
- Run the development server:
npm run devOpen http://localhost:3001 in your browser.
- Next.js 14 -- React framework
- Tailwind CSS -- Styling
- shadcn/ui -- UI components
- Supabase -- Authentication
- Spider Cloud -- Web crawling API
| Tool | URL |
|---|---|
| Dead Link Checker | dead-link-checker.spider.cloud |
| A11y Checker | a11y-checker.spider.cloud |
| Tech Detector | tech-detector.spider.cloud |
| Schema Validator | schema-validator.spider.cloud |
| Knowledge Base | knowledge-base.spider.cloud |
| Perf Runner | perf-runner.spider.cloud |
| Content Translator | content-translator.spider.cloud |
| Diff Monitor | diff-monitor.spider.cloud |
| Sitemap Generator | sitemap-generator.spider.cloud |
| Link Graph | link-graph.spider.cloud |