Scan Your Website for Security Vulnerabilities
Instant security report — 30+ checks for headers, cookies, CORS, exposed files, and more. No file uploads or DNS verification.
Free — No signup required. Only scan sites you own or have permission to test.
Passive security checks
Each check is reported either as Passed or as an issue with a severity. No exploits, uploads, or login required.
HTTP Security Headers
CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP, CORP
SSL / HTTPS
HTTPS redirect, HSTS max-age & subdomains, mixed content, insecure form actions
Cookie Security
HttpOnly, Secure, SameSite on all Set-Cookie headers
CORS
Wildcard origins, credential reflection, origin reflection attacks
HTTP Methods
TRACE (XST), PUT, DELETE on public endpoints
Sensitive Files
.env, .git, backups, wp-config, phpinfo, and common leak paths
Information Leakage
Server version, X-Powered-By, stack traces, emails in HTML, generator meta
Subresource Integrity
integrity= on third-party scripts and stylesheets
Page Source
Hardcoded API keys, private keys, inline onclick handlers
Forms & Session
CSRF tokens in POST forms, password autocomplete
Links & Redirects
target="_blank" noopener, open redirect probe, meta refresh
Policies & Discovery
security.txt, robots.txt, admin URLs, error pages, tech fingerprint
