Free Website Security Checker
Scan a site’s security posture in seconds — HTTPS/TLS, security headers, cookie flags, mixed content, version disclosure and common exposures — and get an A–F grade with prioritised fixes. A passive assessment you can run on your own site, free.
This is a passive posture check of what your site openly serves — not a penetration test. Scan sites you own or have permission to test.
Frequently asked questions
What does the Website Security Checker test?
It runs a passive assessment of what your site openly serves: whether it’s on HTTPS and the TLS version + certificate validity; the six key security headers (HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy); cookie security flags (Secure, HttpOnly, SameSite); mixed content on HTTPS pages; software version disclosure in headers; and a couple of well-known misconfigurations like a publicly readable .git or .env. You get an A–F grade and a prioritised list of fixes.
Is this a penetration test (VAPT/WAPT)?
No — and it’s important to be clear about that. This is an automated, passive security posture check: it only reads what your server already returns and looks for common misconfigurations. A real penetration test actively probes for exploitable vulnerabilities and is a manual, authorised engagement by a security professional. Use this tool as a fast first pass and to fix the obvious gaps; commission a proper pentest for anything handling sensitive data.
Can I scan any website?
Only scan sites you own or are explicitly authorised to test. The checks here are non-intrusive (they read public responses and a couple of well-known paths), but you should still have permission. The tool is rate-limited to keep it light on the target.
Why do security headers matter for SEO too?
Beyond protecting visitors, HTTPS and a solid security posture are trust and quality signals. Browsers warn users away from insecure sites, and a hacked or warning-flagged site loses rankings and clicks fast. Fixing these protects both your users and your search performance.
Related free tools
Instant SEO Snapshot
One-click SEO & AI-readiness grade for any page — HTTPS, indexability, title, meta, headings, content & more. Embeddable on your own site.
AI Bot Access Checker
Can ChatGPT, Perplexity, Claude & Gemini crawl your site? Checks robots.txt + live CDN/WAF blocks.
AI Visibility Checker
See what ChatGPT, Claude & Perplexity know about your brand — and how to improve it.
NLP Content Analyzer
Topics, entities, search intent & content gaps an NLP model sees in your page.
AI Retrieval Checker
AI/AIO readiness — can ChatGPT, Perplexity & AI Overviews find, chunk & cite your page?
AI Crawler Log Analyzer
Upload your access log to see which AI bots (GPTBot, ClaudeBot, PerplexityBot) actually crawled you — with spoofed-vs-verified detection.
Want the full picture?
This tool checks one thing. Run a complete, free SEO audit across 26 factors in about a minute.
Run a free SEO audit