Free Tool · Security

Web Security Scan

Paste any URL and we’ll check HTTPS, HSTS, security headers, cookie flags, mixed content, and common file exposure — then grade it 0–100. No signup.

Takes 5–15 seconds · Public pages only · ~22 checks across 5 categories

What we check

Server-side fetch, header inspection, and HTML parsing — the same surface attackers, browsers, and search engines all see.

TRANSPORT

Transport & Encryption

HTTPS coverage, HTTP → HTTPS redirect, HSTS strength, includeSubDomains.

HEADERS

Security Headers

Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP, CORP.

COOKIES

Cookies

Secure, HttpOnly, and SameSite flags on every cookie returned by the page.

CONTENT

Content Integrity

Mixed-content resources, Subresource Integrity (SRI) on third-party scripts, secure form actions.

EXPOSURE

Exposure & Leaks

Server version disclosure, X-Powered-By, and probes for /.env, /.git/config, /wp-config.php.bak.

How our security bot works