Instant A+ to F security grades. SSL, headers, cookies, DNS authentication, and server misconfigurations — all checked in seconds.
2 free scans/day · Sign up for unlimited →
75+ security checks across 15 categories, scanned in seconds.
Certificate validity, HSTS enforcement, TLS version, and HTTPS availability.
CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy.
unsafe-inline, unsafe-eval, frame-ancestors, form-action, base-uri directives.
Secure flag, HttpOnly, SameSite attributes on every cookie.
Origin reflection, wildcard + credentials, unsafe methods detection.
Camera, microphone, geolocation, payment — 10 critical browser API controls.
HTTP scripts, styles, images, iframes on HTTPS pages. Auto-upgrade detection.
SRI hashes on CDN scripts & stylesheets. Supply chain attack protection.
jQuery, Bootstrap, Angular, Lodash, Moment — known CVE detection.
Stack traces, meta generators, source maps, suspicious HTML comments.
CAA records, HSTS preload readiness, DNSSEC, certificate transparency.
HTTP→HTTPS redirect, redirect chains, WWW normalization.
SPF, DKIM, and DMARC records — prevent email spoofing from your domain.
Open redirect params, CSRF tokens, insecure form actions, password fields.
Exposed server versions, .env files, .git config, and other sensitive paths.
Free forever for quick scans. Upgrade for history, monitoring, and API access.
We build custom web apps, security tools, and automation systems. WebSentry is just one of our products.
Talk to our team →