Security scan

See exactly what's exposed — before someone else does

Read-only first · Proof before done · Rollback included · No fake claims

What it does

Read-only public-surface scan: HTTPS/redirects, security headers (HSTS/CSP/X-Frame-Options/nosniff/Referrer-Policy/Permissions-Policy), cookie flags, mixed content, WordPress exposure signals, forms/injection-surface inventory. Never attacks, logs in, or submits.

What you get

A labeled before-report (PASS/MISSING/NOT_PROVEN/HELD) + a fix plan; most sites are missing basic headers and one safe server change fixes the lot.

Why it is safe

Read-only, public surface only — no exploits, no payloads, no login, no changes.