Security Scoring API

Scan any URL for transport security and header configuration issues. Free to use, no signup required.

Base URL

https://analytix402.com/api/v1

Endpoints

POST /scan

Run a full security scan on a URL. Checks SSL/TLS, certificate validity, security headers, CORS, and rate limit headers.

Request Body

{
  "url": "https://example.com/api"
}

Response

{
  "url": "https://example.com/api",
  "score": 38,
  "maxScore": 45,
  "grade": "B",
  "scanDuration": "847ms",
  "breakdown": {
    "transport": {
      "score": 25,
      "maxScore": 25,
      "checks": [
        { "name": "HTTPS Enforced", "status": "pass", "detail": "Endpoint uses HTTPS", "points": 5, "maxPoints": 5 },
        { "name": "SSL Certificate Valid", "status": "pass", "detail": "Expires Mar 15, 2027", "points": 10, "maxPoints": 10 },
        { "name": "TLS 1.3", "status": "pass", "detail": "Using TLS 1.3", "points": 5, "maxPoints": 5 },
        { "name": "Certificate Expiry", "status": "pass", "detail": "398 days until expiry", "points": 5, "maxPoints": 5 }
      ]
    },
    "headers": {
      "score": 13,
      "maxScore": 20,
      "checks": [
        { "name": "CORS Configured", "status": "pass", "detail": "Origin: https://example.com", "points": 5, "maxPoints": 5 },
        { "name": "X-Content-Type-Options", "status": "pass", "detail": "nosniff enabled", "points": 3, "maxPoints": 3 },
        { "name": "X-Frame-Options", "status": "pass", "detail": "DENY", "points": 3, "maxPoints": 3 },
        { "name": "Content-Security-Policy", "status": "warn", "detail": "Missing CSP header", "points": 0, "maxPoints": 4 },
        { "name": "Rate Limit Headers", "status": "warn", "detail": "No rate limit headers", "points": 0, "maxPoints": 5 }
      ]
    }
  },
  "scannedAt": "2026-02-10T12:00:00.000Z"
}

GET /scan?url=https://example.com

Same scan, via query parameter. Convenient for quick browser testing.

GET /health

Health check. Returns service status and version.

Scoring

Each URL is scored out of 45 points across two categories:

Category            Max Points  What It Checks
Transport Security  25          HTTPS, SSL certificate, TLS version, cert expiry
Headers & Config    20          CORS, X-Content-Type-Options, X-Frame-Options, CSP, rate limit headers

Grades: A 40+   B 30-39   C 20-29   D 10-19   F 0-9
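
An added example (not part of this documentation or the service's own code): a client-side check that recomputes the category scores, total and grade of a /scan response from its individual checks, lists the non-passing checks by points lost, and gates on a minimum grade. The sample response is constructed, and review_scan, grade_for, check and min_grade are hypothetical names.

```python
# Grade bands from the Scoring section: A 40+, B 30-39, C 20-29, D 10-19, F 0-9.
GRADE_BANDS = [(40, "A"), (30, "B"), (20, "C"), (10, "D"), (0, "F")]

def grade_for(score):
    """Map a 0-45 score to its letter grade."""
    return next(g for floor, g in GRADE_BANDS if score >= floor)

def review_scan(report, min_grade="B"):
    """Recompute a /scan response from its checks; return (ok, grade, findings, problems).
    findings: non-passing checks, most points lost first. problems: inconsistencies."""
    findings, problems, total = [], [], 0
    for cat, body in report["breakdown"].items():
        summed = sum(c["points"] for c in body["checks"])
        if summed != body["score"]:
            problems.append(f"{cat}: score {body['score']} != check sum {summed}")
        total += summed
        findings += [(c["maxPoints"] - c["points"], cat, c["name"], c["detail"])
                     for c in body["checks"] if c["status"] != "pass"]
    if total != report["score"]:
        problems.append(f"total: score {report['score']} != check sum {total}")
    grade = grade_for(total)
    if grade != report["grade"]:
        problems.append(f"grade: reported {report['grade']}, recomputed {grade}")
    findings.sort(reverse=True)
    # Letters A, B, C, D, F sort alphabetically from best to worst.
    ok = not problems and grade <= min_grade
    return ok, grade, findings, problems

def check(name, status, detail, points, max_points):
    """Build one entry of a "checks" array (helper for the sample only)."""
    return {"name": name, "status": status, "detail": detail, "points": points, "maxPoints": max_points}

# Constructed sample in the documented response shape (not a real scan result).
SAMPLE = {"url": "https://example.com/api", "score": 36, "maxScore": 45, "grade": "B", "breakdown": {
    "transport": {"score": 25, "maxScore": 25, "checks": [
        check("HTTPS Enforced", "pass", "Endpoint uses HTTPS", 5, 5),
        check("SSL Certificate Valid", "pass", "Expires Mar 15, 2027", 10, 10),
        check("TLS 1.3", "pass", "Using TLS 1.3", 5, 5),
        check("Certificate Expiry", "pass", "398 days until expiry", 5, 5)]},
    "headers": {"score": 11, "maxScore": 20, "checks": [
        check("CORS Configured", "pass", "Origin: https://example.com", 5, 5),
        check("X-Content-Type-Options", "pass", "nosniff enabled", 3, 3),
        check("X-Frame-Options", "pass", "DENY", 3, 3),
        check("Content-Security-Policy", "warn", "Missing CSP header", 0, 4),
        check("Rate Limit Headers", "warn", "No rate limit headers", 0, 5)]}}}

if __name__ == "__main__":
    ok, grade, findings, problems = review_scan(SAMPLE, min_grade="B")
    print(grade, "ok" if ok else "FAIL", findings, problems)
```

Any status other than "pass" is treated as a finding; only "pass" and "warn" appear in the documented response.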

Rate Limits

Tier           Limit              How
Anonymous      5 requests / min   No key needed
Authenticated  60 requests / min  Add X-API-Key header

Rate limit info is returned in response headers: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset.

Authentication

No authentication required for basic use. To get higher rate limits, create an account and pass your API key:

curl -X POST https://analytix402.com/api/v1/scan \
  -H "Content-Type: application/json" \
  -H "X-API-Key: ax_live_your_key_here" \
  -d '{"url": "https://your-api.com"}'
