---
name: api.cybersecurity-japan.com
description: api.cybersecurity-japan.com provides a single-shot HTTP security posture audit for public URLs. It checks reachability, inspects HTTP security headers (HSTS, CSP, X-Frame-Options, etc.), and returns diagnostic notes about missing or misconfigured controls at a point in time.
host: api.cybersecurity-japan.com
---

# api.cybersecurity-japan.com

This host offers a lightweight, on-demand security header audit tool aimed at agents that need to quickly assess whether a public-facing website meets baseline HTTP security hygiene. It is a single-resource, single-operation service with no continuous monitoring, streaming, or authenticated/private-network scanning capabilities.

## When to use this host

Use this host when an agent needs a quick, one-off audit of a public website's HTTP security headers or wants to confirm basic reachability and identify missing security controls. Do not use it for continuous or scheduled monitoring — it is a single-shot call with no polling or alerting capability. Do not target internal, private, or non-routable addresses; SSRF-protected addresses will return a 400 error. For ongoing threat intelligence feeds, vulnerability scanning beyond headers, or network-layer security assessments, a different host with broader security tooling would be required. This host is narrowly scoped and best suited as a pre-flight check or compliance spot-check step within a larger agent workflow.

## Capabilities

### HTTP Security Header Auditing

Fetches a public URL and returns a point-in-time snapshot of its reachability, HTTP response status, and presence or absence of key security headers such as HSTS, CSP, and X-Frame-Options.

- **`run-security-snapshot`** — Fetches a point-in-time HTTP security posture snapshot for a public URL, returning reachability, HTTP security headers presence, and diagnostic notes.

## Skill reference

### `run-security-snapshot`

**CyberSnapshot JP** — Fetches a point-in-time HTTP security posture snapshot for a public URL, returning reachability, HTTP security headers presence, and diagnostic notes.

*Use when:* Use when an agent needs to audit a public website's security headers (HSTS, CSP, X-Frame-Options, etc.), check reachability, or identify missing security controls for a given URL.

*Not for:* Do not use for continuous monitoring or streaming threat feeds; this is a single-shot snapshot. Do not use for internal/private network targets — SSRF-blocked addresses will return a 400 error.

**Inputs:**

- `url` (string, required) — Public HTTPS or HTTP URL to inspect.

**Returns:** Returns a SnapshotResult with reachability status, final HTTP status code, redirect count, boolean flags for each security header (HSTS, CSP, X-Frame-Options, etc.), a notes array listing missing controls, and a checks map of all individual results.

**Example:** `{"url": "https://www.example.com/"}`

---