Scan Your Website for Security Vulnerabilities
Instant security report — 30+ checks for headers, cookies, CORS, exposed files, and more. No file uploads or DNS verification.
Free — No signup required. Only scan sites you own or have permission to test.
What gets checked
HTTP Security Headers
CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
SSL / Secure Transmission
HTTPS redirect enforcement, HSTS max-age, mixed content detection on HTTPS pages
Cookie Security
HttpOnly, Secure, and SameSite flags on all Set-Cookie response headers
CORS Configuration
Wildcard origin abuse, credential reflection, arbitrary origin acceptance
Sensitive File Exposure
.env, .git, wp-config.php, phpinfo.php, backup.sql, and 14+ more paths
Information Leakage
Server headers, stack traces, hardcoded API keys, generator meta tags
HTTP Methods
TRACE (Cross-Site Tracing), PUT, and DELETE enabled on public endpoints
Subresource Integrity
External scripts and stylesheets loaded without integrity= attributes
Forms & Session
CSRF token presence in POST forms, password autocomplete settings
