π Audit Website Security Headers with AI Remediation and Google Sheets Reporting
β‘ 42 views Β· π SecOps & Security Automation
Description
What It Is
An automated workflow for auditing website security headers and generating comprehensive security reports.
The workflow consists of three main phases:
- Perform Security Scan
- Save Results in Table
- Email Report
Perform Security Scan
This phase analyzes a websiteβs security headers and generates a security grade.
Form Input
A form trigger collects user inputs:
- Site: The website URL to audit (e.g., example.com)
- Report Recipient: Email address to receive the security report
URL List & Fetch Headers
- Prepares the URL for analysis and timestamps the audit
- Sends an HTTP HEAD request to retrieve security headers
- Timeout set to 10 seconds for reliable results
Parse Headers & Security Scorer
- Extracts and normalizes HTTP headers for analysis
- Evaluates 7 critical security headers:
- Strict-Transport-Security (HSTS) - HTTPS enforcement
- Content-Security-Policy (CSP) - XSS protection
- X-Frame-Options - Clickjacking prevention
- X-Content-Type-Options - MIME sniffing protection
- Referrer-Policy - Information leakage control
- Permissions-Policy - Feature access control
- Cache-Control - Authentication page caching
Grade Calculator
- Calculates security score (0-70 points) and assigns letter grade (A-F)
- Identifies missing headers and configuration issues
- Flags critical security vulnerabilities
Save Results in Table
This phase exports audit results to a structured Google Sheets database.
Format Report
- Structures audit data for spreadsheet export
- Creates checkmark/X indicators for header presence
- Summarizes issues and security recommendations
Export to Sheets
- Appends results to Google Sheets for tracking trends
- Includes timestamp, URL, grade, scores, and detailed findings
- Supports historical analysis and compliance reporting
Email Report
This phase generates AI-powered remediation instructions and sends detailed security reports.
AI Remediation Agent
- Uses AI to create copy-paste instructions for non-technical users
- Generates platform-specific implementation guidance
- Provides step-by-step remediation for AI code editors (GitHub Copilot, Cursor, etc.)
Email Formatting & Delivery
- Creates visually rich HTML email reports with:
- Security grade and score breakdown
- Missing headers analysis
- Configuration warnings
- AI-generated remediation instructions
- Implementation checklist
- Sends comprehensive report via Gmail
Setup
To run this workflow, configure the following credentials in n8n:
OpenRouter
- Generate an API key from your OpenRouter account for AI remediation features
Google Sheets
- Uses OAuth 2.0 authentication
- Create a spreadsheet for audit results storage
- Update the spreadsheet ID in βExport to Sheetsβ node
Gmail OAuth2
- Configure Gmail credentials for automated report delivery
- Authenticate with your Google account
π Nodes Used
Google Sheets, HTTP Request, Gmail, AI Agent, n8n Form Trigger, OpenRouter Chat Model
π₯ Import
Download workflow.json and import into n8n:
Workflow menu β Import from File