When an API is accessed by method say for e.g. Get/Post it will give some response containing response data, response code along-with response headers.
The OWASP Secure Headers Project describes these HTTP response headers that applications can use to increase the security of the application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities. The OWASP Secure Headers Project intends to raise awareness and use of these headers. Below are the Response Headers described by OWASP which increases the security of the application.
HTTP Strict Transport Security (HSTS)
X-Frame-Options
X-Content-Type-Options
Content-Security-Policy
X-Permitted-Cross-Domain-Policies
Referrer-Policy
Feature-Policy
Public Key Pinning Extension for HTTP (HPKP)
Expect-CT
X-XSS-Protection
This is a Python based API-Security framework containing ApiSecurityHeader.py script which will check the above mentioned Security response headers are present and contains the required value. The script will work for ANY API provided. It supports both get and post method.
https://github.com/OWASP/www-project-secure-headers