Your app has vulnerabilities.
Let's find them.
Paste a URL. Get a full security autopsy in 30 seconds. Plain-English explanations, zero jargon.
Free · No account required · Results valid for 7 days
The prompt that started it all.
How it works
Paste your URL
Enter any website URL — no login, no setup, no install.
We run 45+ checks
Headers, SSL, secrets, DNS, cookies, and more — all in parallel, all passive.
Get your report
Severity-rated findings with plain-English explanations and AI fix prompts.
What we check
45+ passive security checks — all legal, no active probing
Security Headers
CSP, HSTS, X-Frame-Options, CORS, referrer policy, and more.
SSL / TLS
Certificate validity, TLS version, HTTP→HTTPS redirects, HSTS preload.
Exposed Secrets
API keys, tokens, and credentials leaked in HTML or JS bundles.
CORS Config
Overly permissive cross-origin policies that expose your API.
Cookie Security
HttpOnly, Secure, and SameSite flags on all session cookies.
Info Disclosure
.env, .git/config, phpinfo, and other exposed sensitive files.
Email Security
SPF, DMARC, DKIM, MTA-STS to prevent email spoofing.
Infrastructure
Subdomain discovery, takeover risks, CAA records, DNSSEC.
Simple pricing
Start free. Upgrade when you need more.
Starter
- ✓30 scans / month
- ✓Full vulnerability details
- ✓AI fix prompts
- ✓PDF export
- ✓1 API key
Pro
- ✓100 scans / month
- ✓5 projects
- ✓Daily monitoring + alerts
- ✓Everything in Starter
- ✓5 API keys
Agency
- ✓Unlimited scans
- ✓Unlimited projects
- ✓White-label PDF reports
- ✓20 API keys
- ✓Dedicated support
Frequently asked questions
Run your free scan now
No account. No credit card. Results in 30 seconds.