Is your website safe?

Encryption

Expiring certificates, outdated TLS versions, whether http still works

Browser defenses

Missing security headers that block XSS, clickjacking, cookie theft — 9 kinds checked

Leaked files

Secret files (.env), source-code folders (.git), admin panels (wp-admin, phpMyAdmin), internal APIs — 100+ paths

Leaked secrets

32+ key patterns — AWS, Google, Stripe, OpenAI, GitHub — found inside public JS bundles

Outdated libraries

jQuery, Bootstrap, React and friends — looked up live against the OSV.dev CVE database

Email spoofing

Whether someone can send phishing mail from your domain (SPF, DMARC, DKIM)

Supply chain

Missing integrity hashes on external scripts, leaked source maps, suspicious third-party origins

Active probes

Open redirect, CORS origin echo, reflected XSS, HTTP TRACE, dangling-CNAME takeover

Public data

Subdomains pulled from certificate transparency logs, robots.txt, sitemap, security.txt

1. 01Enter your site. Paste your site's address and tick the box that confirms it's yours.
2. 02Prove it's yours. Upload a small file or paste one line into your HTML. This stops people from scanning sites that aren't theirs.
3. 03Get a report. In about 5 seconds you'll see what's risky on your site and how to fix it.

This service is a pre-engagement security audit tool. Scanning a site you do not own, without consent, may violate local computer-misuse laws. By submitting a scan you agree to the Terms of Service and Privacy Policy.