Website Vulnerability Scanner
Detect exposed secrets, dangerous code, missing security headers, insecure forms, and more. Every finding includes an AI prompt to fix it.
New: AI Fix Prompts. Every vulnerability includes a "Copy AI Fix Prompt" button. Paste it into Cursor, Lovable, Bolt, or any AI tool — it tells the AI exactly what to fix and how.
Passive analysis only. Only scan sites you own or have permission to test.
AI Fix Prompts
Every vulnerability includes a prompt you can paste into Cursor, Lovable, Bolt, or v0. No security knowledge needed — just copy, paste, and let the AI fix it.
Client + Server Scan
Two-layer analysis: client-side HTML/JS scanning plus real HTTP header inspection via our backend. Covers what both browser tools and header checkers see.
Passive & Ethical
No active exploits sent. No payloads. Just passive reading of what is publicly accessible. Only scan sites you own or have permission to test.
What the scanner checks
Secrets & Exposure
- 23 patterns: AWS, Stripe, GitHub, OpenAI, Anthropic, Supabase, Resend, Shopify & more
- JWT tokens, private keys, database URIs
- Internal IPs, emails, sensitive HTML comments
- Debug code and stack traces in production
Code Risks & Cookies
- eval(), innerHTML, document.write() detection
- Open redirect URL parameters
- Mixed HTTP content on HTTPS pages
- Cookie HttpOnly, Secure, SameSite flags
- Dependency confusion from private package names
Forms & Auth
- Forms submitting over HTTP
- Password fields using GET method
- External form action destinations
- Missing autocomplete on password fields
- HTTPS protocol enforcement
Headers & Dependencies
- HSTS, X-Frame-Options, X-Content-Type-Options
- CSP, Referrer-Policy, Permissions-Policy
- Server technology leakage (X-Powered-By etc.)
- SRI on external scripts and stylesheets
- 8 libraries checked: jQuery, Bootstrap, Lodash, Angular, Vue, React, Axios, Moment.js