Test any website for security vulnerabilities
A passive, non-intrusive scan: we check HTTPS & the TLS certificate, missing security headers, insecure cookies, information disclosure and exposed sensitive files — then grade the site and tell you exactly what to fix.
Try: prothomalo.com · daraz.com.bd · github.com
Transport & TLS
HTTPS enforcement, HTTP→HTTPS redirect, HSTS and the live TLS certificate — issuer, expiry and protocol version.
Headers & Cookies
Missing CSP, X-Frame-Options, X-Content-Type-Options and Referrer-Policy, plus Secure / HttpOnly / SameSite cookie flags.
Exposure & Disclosure
Checks well-known risky paths (.git, .env, backups, phpinfo) and flags leaked server versions and tech-stack headers.