Full-Stack API / Security Tool, 2026

HTTP Header Security Analyzer API

Production-ready Flask REST API that audits website HTTP security headers, scores sites out of 100 with A–F grading, and returns severity-ranked remediation recommendations.

Role
Full-Stack Developer
Year
2026
Stack
Python, Flask, Gunicorn, Docker, requests, pytest
The Challenge

Most developers overlook HTTP security headers during deployment, leaving sites vulnerable to XSS, clickjacking, MIME sniffing, and transport-layer attacks. Existing tools were either too manual, lacked actionable guidance, or weren't suitable for programmatic integration into CI/CD pipelines.

The Approach

Built a REST API with Flask Blueprints that fetches and audits 8 OWASP-recommended security headers — including CSP, HSTS, and X-Frame-Options — assigning severity levels (HIGH / MEDIUM / LOW) and point-based scores to each. Implemented built-in rate limiting (30 req/min per IP) without external dependencies, CORS support for frontend integration, structured JSON error handling, and a health check endpoint. Deployed with Gunicorn and Docker for production readiness, with 12 unit tests covering core analysis logic.

The Outcome

Delivered a fully containerized, production-grade security auditing API with two scan modes (POST JSON body and GET query param), a 0–100 scoring system with A–F grading, and per-header remediation recommendations linked to MDN documentation. Demonstrates REST API design, OWASP security knowledge, and clean separation of concerns via Flask Blueprints.
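As an added illustration of the analysis step described under The Approach and the 0–100 score with A–F grade described above, here is a standalone Python sketch of how such a header audit can be scored. It is example code, not the project's own; the eight-header checklist, the point weights, the per-header value checks and the grade thresholds are all assumptions.

```python
from typing import Callable, Dict, List, Tuple

# Checklist of (header, severity, points, value check). The header set, weights
# and value checks are this example's own assumptions (points sum to 100).
HEADER_CHECKS: List[Tuple[str, str, int, Callable[[str], bool]]] = [
    ("Content-Security-Policy", "HIGH", 25, lambda v: "default-src" in v),
    ("Strict-Transport-Security", "HIGH", 20, lambda v: "max-age=" in v.lower()),
    ("X-Frame-Options", "MEDIUM", 15, lambda v: v.upper() in ("DENY", "SAMEORIGIN")),
    ("X-Content-Type-Options", "MEDIUM", 10, lambda v: v.lower() == "nosniff"),
    ("Referrer-Policy", "LOW", 10, lambda v: v.strip() != ""),
    ("Permissions-Policy", "LOW", 10, lambda v: v.strip() != ""),
    ("Cross-Origin-Opener-Policy", "LOW", 5, lambda v: v.strip() != ""),
    ("Cross-Origin-Resource-Policy", "LOW", 5, lambda v: v.strip() != ""),
]
SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


def grade(score: int) -> str:
    """Map a 0-100 score to an A-F letter; the thresholds are assumed."""
    for letter, threshold in (("A", 90), ("B", 80), ("C", 70), ("D", 60)):
        if score >= threshold:
            return letter
    return "F"


def analyze(headers: Dict[str, str]) -> dict:
    """Score a response header set and return severity-ranked findings."""
    # Header names are case-insensitive, so normalise before lookup.
    present = {name.lower(): value for name, value in headers.items()}
    score, findings = 0, []
    for name, severity, points, is_strong in HEADER_CHECKS:
        value = present.get(name.lower())
        if value is not None and is_strong(value):
            score += points
            continue
        # A header that is present but weakly set loses the same points as a missing one.
        status = "missing" if value is None else "weak"
        findings.append({"header": name, "severity": severity, "status": status, "points_lost": points})
    # HIGH findings first so the remediation list leads with the biggest risks.
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]])
    return {"score": score, "grade": grade(score), "findings": findings}


# Constructed sample: a partially hardened response, not a real scan result.
SAMPLE_HEADERS = {
    "content-security-policy": "default-src 'self'",
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "ALLOWALL",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer",
}
RESULT = analyze(SAMPLE_HEADERS)  # score 65, grade "D", 4 findings
```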