Website Security Snapshot
Enter your site URL for a passive HTTP-layer check. Get a branded report with practical fixes — no pentest, no code access required.
- HTTPS redirect
- HSTS (Strict-Transport-Security)
- TLS certificate
- Content-Security-Policy
- CSP script-src policy
- Clickjacking protection
- MIME sniffing protection
- Referrer-Policy
- Cookie security flags
- security.txt
- 1 Step 1 — Analyze your site
- 2 Step 2 — Snapshot summary
- 3 Step 3 — Your details
- 4 Step 4 — Your results
Step 1 — Analyze your site
This is a passive snapshot of HTTP headers and TLS — not a penetration test or application security audit. XSS/CSRF indicators only; they do not replace testing your app logic.
Step 2 — Snapshot summary
Step 3 — Your details
Enter your name and work email to unlock your detailed security snapshot.
Step 4 — Your results
Here is your detailed security snapshot. Verify your email to receive the full branded report with remediation guidance.
Remediation guidance is included in the email report after you verify your address.
Check your inbox
We sent a verification link to your inbox. Click it to receive the complete report with remediation steps by email.
Common questions
Is this a penetration test?
No. We only perform passive checks on HTTP headers and TLS from the outside. We do not exploit vulnerabilities or access your application code.
Why do I need to verify my email?
Verification prevents sending reports to addresses you do not control and reduces abuse of the free tool.
Will you store my scan forever?
Scans and reports are retained for a limited period for delivery and follow-up. See our Privacy Policy for details.