Protect your website with comprehensive security analysis. SSL, headers, malware, firewall, and 30+ security checks.
30 tools in this category
SSL Certificate
Checks SSL certificate validity, expiry, and issuer.
SPF Record
Checks SPF record to validate email sending policy.
DMARC Record
Checks DMARC policy for email spoofing protection.
Safe Browsing
Checks Google Safe Browsing for malware or phishing threats.
Blacklist Check
Checks IP against Spamhaus, SpamCop, SORBS, and Barracuda.
DKIM Record
Checks common DKIM selectors for email authentication.
Port Scanner
Scans common ports via a dedicated VPS scanner for open/risky services.
Cookie Security
Checks cookies for Secure, HttpOnly, and SameSite attributes.
Mixed Content
Detects HTTP resources loaded on HTTPS pages.
Subresource Integrity
Checks if external scripts and stylesheets use SRI hashes.
Security.txt
Checks for a security.txt file for responsible disclosure.
BIMI Record
Checks Brand Indicators for Message Identification (BIMI) DNS record.
MTA-STS
Checks MTA Strict Transport Security configuration for inbound email.
Firewall / WAF
Detects Cloudflare, AWS WAF, Akamai, Sucuri, and other firewalls.
Security Headers Grade
Grades the site A+ to F based on 6 core HTTP security headers.
Permissions Policy
Checks if the Permissions-Policy header restricts camera, mic, geolocation, and payment APIs.
CORS Policy
Checks Cross-Origin Resource Sharing configuration for wildcard or unsafe origins.
Server Header Leakage
Checks if Server or X-Powered-By headers expose version information.
Clickjacking Test
Checks X-Frame-Options and CSP frame-ancestors for clickjacking protection.
TLS Version
Detects the TLS protocol version negotiated — checks for insecure TLS 1.0/1.1.
HSTS Preload
Checks if the domain is on Chrome's HSTS preload list for forced HTTPS.
Certificate Transparency
Queries crt.sh for all SSL certificates ever issued for the domain.
VirusTotal Scan
Checks the domain against 70+ antivirus engines via VirusTotal.
Phishing Check
Checks the domain against URLhaus and phishing databases for known threats.
Malware Check
Checks URLhaus and ThreatFox for malware distribution activity on this domain.
Sensitive Files
Checks if .env, .git/HEAD, phpinfo.php, wp-config.php and other sensitive files are publicly accessible.
Admin Exposure
Checks if admin panels (/admin, /wp-admin, /phpmyadmin) are publicly reachable.
Directory Listing
Checks if web server directory listing is enabled on common paths.
Subdomain Takeover
Checks for dangling DNS CNAMEs pointing to unclaimed cloud services.
Open Redirect
Detects open redirect parameter patterns (?url=, ?redirect=, ?next=) in page links.