Schemas

Recommendation

title

string · required

Short, human-readable summary of the recommendation.

Example: Add a Content-Security-Policy

severity

string · enum · required

Priority of the recommendation.

Enum values:

Critical

High

Medium

Low

Info

Example: High

description

string · required

Explanation of why this matters and how to fix it.

Example: No Content-Security-Policy header was returned. CSP is the strongest defense against cross-site scripting (XSS) and data-injection attacks.

header

string · required

The HTTP header the recommendation concerns.

Example: Content-Security-Policy

ScanResult

url

string · required

The normalized requested URL.

Example: https://example.com

final_url

string · required

The URL after following redirects.

Example: https://example.com/

status

integer · required

HTTP status code of the final response.

Example: 200

score

integer · min: 0 · max: 100 · required

Weighted security score.

Example: 72

grade

string · enum · required

Letter grade derived from the score.

Enum values:

A+

Example: C

object · required

Canonical header name -> returned value for headers that were present.

Example: {"Strict-Transport-Security":"max-age=31536000; includeSubDomains; preload","X-Content-Type-Options":"nosniff","X-Frame-Options":"SAMEORIGIN"}

missing

string[] · required

Canonical names of evaluated headers that were absent.

Example: ["Content-Security-Policy","Permissions-Policy"]

Recommendation[] · required

Severity-sorted list of remediation guidance.

Error

error

string · required

Error message.

Example: Please provide a url query parameter.

UpstreamError

error

string · required

Error message describing the upstream fetch failure.

Example: Failed to fetch the target URL: network error

url

string

The URL that the gateway attempted to fetch.

Example: https://example.com/

Recommendation

title

string · required

Short, human-readable summary of the recommendation.

Example: Add a Content-Security-Policy

severity

string · enum · required

Priority of the recommendation.

Enum values:

Critical

High

Medium

Low

Info

Example: High

description

string · required

Explanation of why this matters and how to fix it.

Example: No Content-Security-Policy header was returned. CSP is the strongest defense against cross-site scripting (XSS) and data-injection attacks.

header

string · required

The HTTP header the recommendation concerns.

Example: Content-Security-Policy

ScanResult

url

string · required

The normalized requested URL.

Example: https://example.com

final_url

string · required

The URL after following redirects.

Example: https://example.com/

status

integer · required

HTTP status code of the final response.

Example: 200

score

integer · min: 0 · max: 100 · required

Weighted security score.

Example: 72

grade

string · enum · required

Letter grade derived from the score.

Enum values:

A+

Example: C

object · required

Canonical header name -> returned value for headers that were present.

Example: {"Strict-Transport-Security":"max-age=31536000; includeSubDomains; preload","X-Content-Type-Options":"nosniff","X-Frame-Options":"SAMEORIGIN"}

missing

string[] · required

Canonical names of evaluated headers that were absent.

Example: ["Content-Security-Policy","Permissions-Policy"]

Recommendation[] · required

Severity-sorted list of remediation guidance.