Test any website for security vulnerabilities

A passive, non-intrusive scan: we check HTTPS & the TLS certificate, missing security headers, insecure cookies, information disclosure and exposed sensitive files — then grade the site and tell you exactly what to fix.

Try: prothomalo.com · daraz.com.bd · github.com

Transport & TLS

HTTPS enforcement, HTTP→HTTPS redirect, HSTS and the live TLS certificate — issuer, expiry and protocol version.

Headers & Cookies

Missing CSP, X-Frame-Options, X-Content-Type-Options and Referrer-Policy, plus Secure / HttpOnly / SameSite cookie flags.

Exposure & Disclosure

Checks well-known risky paths (.git, .env, backups, phpinfo) and flags leaked server versions and tech-stack headers.

Please scan responsibly. This tool only sends ordinary GET requests to public URLs and reads what the server chooses to reveal — it never attacks, injects or brute-forces anything. Only scan websites you own or have explicit permission to test.