Free Security Scanner

Is Your Website Secure?

Enter any URL to get an instant security assessment. We check security headers, SSL certificates, exposed files, CORS policies, and more.

Results in ~10 seconds

No signup required

10 security checks

1 free scan per month

4,650 websites scanned

What We Check

Security Headers

HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy

SSL/TLS Certificate

Certificate validity, expiration date, and protocol version

Cookie Security

Secure, HttpOnly, and SameSite attributes on cookies

Exposed Files

.env, .git, backup files, debug endpoints, and other sensitive paths

CORS Policy

Overly permissive cross-origin resource sharing configurations

DNS Records

SPF and DMARC email authentication policies

Technology Detection

Framework and CMS fingerprinting that aids targeted attacks

Mixed Content

Insecure HTTP resources loaded on HTTPS pages

Server Leakage

Server and X-Powered-By headers exposing version information

Only available with ShipShield ($25)

Go Deeper With a Full Codebase Audit

The free scan checks what's visible from the outside. A full ShipShield audit connects to your GitHub repo and analyzes your actual source code, dependencies, infrastructure, and more, covering 5,000,000+ vulnerability signatures.

Exposed Secrets

API keys, credentials, and tokens buried in code and git history

Auth & Authorization

Missing auth checks, weak JWT config, privilege escalation paths

Injection Vulnerabilities

SQL injection, XSS, SSRF, and command injection in your source code

Dependency CVEs

Known vulnerabilities across npm, pip, cargo, and go packages

AI Business Logic Review

AI-powered analysis of input validation, race conditions, and logic flaws

Sensitive Data Flows

PII logging, unencrypted data transmission, and storage issues

Infrastructure Security

Rate limiting, request size limits, and file upload restrictions

Docker & Container Scanning

Container misconfigs, exposed ports, running as root, OS-level CVEs

License Compliance

GPL/AGPL copyleft detection across all your dependencies

SBOM Generation

SPDX-format Software Bill of Materials for compliance and audits

Supply Chain Security

Typosquatting detection and suspicious package analysis

Professional PDF Report

Detailed findings with severity ratings, code references, and AI-powered fix suggestions

Get a Full Codebase Audit for $25

Scans complete in 2-8 minutes · Automatic refund if scan fails