// free security scanner
See what your site reveals.
An instant, read-only report on your HTTPS, security headers, TLS certificate and accidentally-public files. We only read what your site already returns — nothing is attacked, and nothing is stored on your device.
// what we look at
A quick, honest health check
✓
HTTPS & redirects
Confirms encrypted traffic and that HTTP upgrades to HTTPS.
✓
Security headers
HSTS, CSP, X-Frame-Options, Referrer-Policy and more.
✓
TLS certificate
Whether the certificate is valid and how soon it expires.
✓
Cookie hardening
Checks the Secure and HttpOnly flags on cookies.
✓
Version disclosure
Flags server software that reveals its exact version.
✓
Exposed files
Looks for public /.git/ and /.env — a common, serious leak.
Is this safe and legal to run?
Yes. It only reads publicly returned information — the same response your browser gets — and sends no attack traffic. Private and internal addresses are refused.
Does a good grade mean my site can't be hacked?
No. This covers front-line hygiene: headers, TLS and exposures. It's a strong first indicator, not a full penetration test.
Do you store the result?
We keep a private record of scans to improve the tool. Nothing is stored on your device and there are no cookies.