Analyzes HTTP response headers from any URL and returns structured security data: CSP, HSTS, X-Frame-Options, and other protection headers, plus cache directives and server fingerprinting. Exposes a single tool that fetches a page and parses the headers into categorized findings. Operates over SSE transport and integrates x402 micropayments, meaning each analysis call costs a small amount. Useful when you need to audit header configurations across multiple domains, check if security policies are properly set, or automate reconnaissance tasks that would otherwise require manual curl inspection. The hosted API endpoint means no local dependencies beyond the MCP connection.
Public tool metadata for what this MCP can expose to an agent.
network_analyze_headersUse this when you need to analyze HTTP response headers of a URL for security and configuration. Returns a full header audit in JSON. Returns: 1. allHeaders (raw key-value map) 2. securityScore (0-101 paramsUse this when you need to analyze HTTP response headers of a URL for security and configuration. Returns a full header audit in JSON. Returns: 1. allHeaders (raw key-value map) 2. securityScore (0-10
urlstringAnalyze HTTP response headers -- security score, HSTS/CSP check, server detection, caching config. Score 0-100. Pay-per-call via x402 (USDC on Base L2) -- no API key, no signup, no rate-limit wall.
Part of the klymax402 marketplace -- 100 x402 micropayment APIs for AI agents, one wallet, USDC on Base.
Add to your MCP client config (Claude Desktop, Cursor, ElizaOS, etc.):
{
"mcpServers": {
"http-headers": {
"url": "https://http-headers.api.klymax402.com/mcp"
}
}
}
curl -X POST "https://http-headers.api.klymax402.com/api/analyze" \
-H "Content-Type: application/json" \
-d '{"url":"https://example.com"}'
# -> 402 Payment Required, with an x402 payment challenge in the response body
Any x402-aware client (@x402/fetch, x402-agent-tools, ATXP) handles the 402 -> sign -> retry cycle automatically.
| Tool | Method | Path | Price | Description |
|---|---|---|---|---|
network_analyze_headers | POST | /api/analyze | $0.001 | Analyze HTTP response headers for a URL |
network_analyze_headersUse this when you need to analyze HTTP response headers of a URL for security and configuration. Returns a full header audit in JSON.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
url | string | yes | Full URL to analyze (e.g. https://example.com) |
Example response:
{"url":"https://example.com","securityScore":85,"securityHeaders":{"hsts":true,"csp":true,"xFrameOptions":true,"xContentType":true,"referrerPolicy":false},"server":"nginx","caching":{"cacheControl":"max-age=3600","etag":true},"recommendations":["Add Referrer-Policy header"]}
When to use: security audits, DevOps monitoring, compliance checks, and verifying proper header configuration after deployment.
Not for: SSL certificate check (use security_check_ssl), web scraping (use web_scrape_to_markdown), GDPR compliance (use compliance_scan_gdpr).
eip155:8453)100 x402 micropayment APIs for AI agents -- one wallet, USDC on Base, zero signup.
MIT
com.exploit-intel/eip-mcp
dmontgomery40/pentest-mcp
pantheon-security/notebooklm-mcp-secure
cyanheads/pentest-mcp-server
io.github.akhilucky/ai-firewall-mcp