An MCP server that gives Claude and other AI agents the ability to audit any public URL's HTTP security headers.
What it checks:
- HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
- HTTPS enforcement and redirect chain depth
- Presence of security.txt, robots.txt, sitemap.xml
Payment model:
- 0.05 USDC per scan, paid automatically on Base via the x402 protocol
- No API key, no account, no subscription required
- The agent's wallet pays directly — fully autonomous
Tools provided:
- scan_security_headers(url): Live scan (costs 0.05 USDC)
- demo_security_snapshot(): Free pre-baked example
Server Config
{
"mcpServers": {
"security-snapshot": {
"command": "npx",
"args": [
"-y",
"mcp-server-security-snapshot"
],
"env": {
"WALLET_PRIVATE_KEY": "0x...",
"NETWORK": "base"
}
}
}
}