Scan any public web page and get an instant 0-100 security score, an A+ to F letter grade, the present/missing security-header map, and prioritized, severity-sorted remediation guidance.
The analyzer evaluates the eight headers that actually move the needle on web security:
Strict-Transport-Security (HSTS), Content-Security-Policy (CSP, with heuristic checks for
unsafe-inline, unsafe-eval, and wildcard sources), X-Frame-Options, X-Content-Type-Options,
Referrer-Policy, Permissions-Policy, Cross-Origin-Opener-Policy, and Cross-Origin-Resource-Policy.
HSTS and CSP carry the heaviest weight because they matter most. It also flags information-leak
headers such as Server and X-Powered-By.
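
The present/missing header map and the CSP heuristics described above, as an added JavaScript example that is not the service's own code. The function names, finding strings and sample headers are constructed, and no scoring weights are applied because the page does not state them.

```javascript
// Added example: all names and the sample response below are constructed.
const SECURITY_HEADERS = [
  "strict-transport-security", "content-security-policy", "x-frame-options", "x-content-type-options",
  "referrer-policy", "permissions-policy", "cross-origin-opener-policy", "cross-origin-resource-policy",
];
const LEAK_HEADERS = ["server", "x-powered-by"];

// Split a CSP value into { directive: [sources] }; browsers ignore a repeated directive.
function parseCsp(value) {
  const policy = {};
  for (const part of value.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = (name || "").toLowerCase();
    if (key && !(key in policy)) policy[key] = sources.map((s) => s.toLowerCase());
  }
  return policy;
}

// Heuristic CSP checks: 'unsafe-inline', 'unsafe-eval' and wildcard sources.
function cspFindings(value) {
  const findings = [];
  for (const [directive, sources] of Object.entries(parseCsp(value))) {
    // Browsers ignore 'unsafe-inline' when the same directive carries a nonce or hash.
    const hasNonceOrHash = sources.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
    for (const s of sources) {
      if (s === "'unsafe-eval'") findings.push(`${directive}: 'unsafe-eval'`);
      else if (s === "'unsafe-inline'" && !hasNonceOrHash) findings.push(`${directive}: 'unsafe-inline'`);
      else if (s === "*" || s.endsWith("://*")) findings.push(`${directive}: wildcard source ${s}`);
    }
  }
  return findings;
}

// Build the present/missing map, the leak list and CSP findings from response headers.
function analyzeHeaders(rawHeaders) {
  const headers = {};
  for (const [k, v] of Object.entries(rawHeaders)) headers[k.toLowerCase()] = v;
  const present = SECURITY_HEADERS.filter((h) => h in headers);
  const missing = SECURITY_HEADERS.filter((h) => !(h in headers));
  const leaks = LEAK_HEADERS.filter((h) => h in headers);
  return { present, missing, leaks, csp: cspFindings(headers["content-security-policy"] || "") };
}

// Constructed sample response headers.
const sample = {
  "Content-Security-Policy": "script-src 'self' 'unsafe-eval' 'nonce-abc123' 'unsafe-inline'; img-src *",
  "X-Content-Type-Options": "nosniff", "Server": "nginx",
};
console.log(analyzeHeaders(sample));
```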
100% edge-native: the only external data source is the fetch of the target URL itself. It follows
redirects and reports final_url separately, bounds every request with a configurable timeout, and
refuses to scan localhost and private addresses.
- Instant scoring: Weighted 0-100 score and an A+ to F grade
- Actionable: Severity-sorted recommendations from Critical to Info
- Edge-native: Fast, consistent scans with no third-party scanners