Audit Website Security Headers with AI Remediation and Google Sheets Reporting

Created by: Ari Nakos || just-aristides

Last update 17 days ago

What It Is

An automated workflow for auditing website security headers and generating
comprehensive security reports.

The workflow consists of three main phases:

  1. Perform Security Scan
  2. Save Results in Table
  3. Email Report

Perform Security Scan

This phase analyzes a website's security headers and generates a security grade.

Form Input

A form trigger collects user inputs:

  • Site: The website URL to audit (e.g., example.com)
  • Report Recipient: Email address to receive the security report

URL List & Fetch Headers

  • Prepares the URL for analysis and timestamps the audit
  • Sends an HTTP HEAD request to retrieve security headers
  • Timeout set to 10 seconds for reliable results

Parse Headers & Security Scorer

  • Extracts and normalizes HTTP headers for analysis
  • Evaluates 7 critical security headers:
    • Strict-Transport-Security (HSTS) - HTTPS enforcement
    • Content-Security-Policy (CSP) - XSS protection
    • X-Frame-Options - Clickjacking prevention
    • X-Content-Type-Options - MIME sniffing protection
    • Referrer-Policy - Information leakage control
    • Permissions-Policy - Feature access control
    • Cache-Control - Authentication page caching

Grade Calculator

  • Calculates security score (0-70 points) and assigns letter grade (A-F)
  • Identifies missing headers and configuration issues
  • Flags critical security vulnerabilities
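A sketch of the parse, score and grade steps described above, written as plain JavaScript. This is an added example, not the workflow's own node code: the 10-points-per-header weighting, the half credit for a weak value, the individual value checks and the grade cutoffs are all assumptions chosen to fit the 0-70 scale and seven headers listed here.

```javascript
// Added example, not the workflow's node code; weights, checks and cutoffs are assumptions.
const CHECKS = {
  'strict-transport-security': v => {
    const m = /max-age=(\d+)/i.exec(v);
    return m && Number(m[1]) >= 15552000 ? null : 'max-age missing or under 180 days';
  },
  'content-security-policy': v =>
    /'unsafe-inline'|'unsafe-eval'/i.test(v) ? "allows 'unsafe-inline' or 'unsafe-eval'" : null,
  'x-frame-options': v =>
    /^(deny|sameorigin)$/i.test(v.trim()) ? null : 'value is not DENY or SAMEORIGIN',
  'x-content-type-options': v =>
    v.trim().toLowerCase() === 'nosniff' ? null : 'value is not nosniff',
  'referrer-policy': v =>
    /unsafe-url/i.test(v) ? 'unsafe-url sends full URLs cross-origin' : null,
  'permissions-policy': () => null, // presence only
  'cache-control': v =>
    /no-store|private/i.test(v) ? null : 'response may be kept by shared caches',
};

// Header names are case-insensitive; repeated headers may arrive as arrays.
function normalizeHeaders(raw) {
  const out = {};
  for (const [k, v] of Object.entries(raw || {})) {
    out[k.toLowerCase()] = Array.isArray(v) ? v.join(', ') : String(v);
  }
  return out;
}

function scoreHeaders(raw) {
  const headers = normalizeHeaders(raw);
  const missing = [], warnings = [];
  let score = 0;
  for (const [name, check] of Object.entries(CHECKS)) {
    if (!(name in headers)) { missing.push(name); continue; } // 0 points
    const issue = check(headers[name]);
    if (issue) { warnings.push(`${name}: ${issue}`); score += 5; } // present but weak
    else score += 10; // present and well configured
  }
  const grade = score >= 60 ? 'A' : score >= 50 ? 'B' : score >= 40 ? 'C' : score >= 30 ? 'D' : 'F';
  return { score, max: 70, grade, missing, warnings };
}
// Constructed sample response headers, not captured from a real site.
const sample = {
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-inline'",
  'X-Content-Type-Options': 'nosniff',
  'Cache-Control': 'public, max-age=600',
};
console.log(scoreHeaders(sample));
```

Some servers return a different header set for HEAD than for GET, so a header reported as missing is worth confirming with a GET request before acting on the grade.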

Save Results in Table

This phase exports audit results to a structured Google Sheets database.

Format Report

  • Structures audit data for spreadsheet export
  • Creates checkmark/X indicators for header presence
  • Summarizes issues and security recommendations

Export to Sheets

  • Appends results to Google Sheets for tracking trends
  • Includes timestamp, URL, grade, scores, and detailed findings
  • Supports historical analysis and compliance reporting

Email Report

This phase generates AI-powered remediation instructions and sends detailed
security reports.

AI Remediation Agent

  • Uses AI to create copy-paste instructions for non-technical users
  • Generates platform-specific implementation guidance
  • Provides step-by-step remediation for AI code editors (GitHub Copilot, Cursor,
    etc.)

Email Formatting & Delivery

  • Creates visually rich HTML email reports with:
    • Security grade and score breakdown
    • Missing headers analysis
    • Configuration warnings
    • AI-generated remediation instructions
    • Implementation checklist
  • Sends comprehensive report via Gmail

Setup

To run this workflow, configure the following credentials in n8n:

OpenRouter

  • Generate an API key from your OpenRouter account for AI remediation features

Google Sheets

  • Uses OAuth 2.0 authentication
  • Create a spreadsheet for audit results storage
  • Update the spreadsheet ID in the 'Export to Sheets' node

Gmail OAuth2

  • Configure Gmail credentials for automated report delivery
  • Authenticate with your Google account