Free website security scanner

100+ checks, ranked by how much they matter

Frequently asked questions

Is this website security scanner really free?

Yes. You can scan any URL for free with no account needed — you see your security issue count and a sample finding in about 30 seconds. A free account unlocks the full finding-by-finding breakdown; paid plans add copy-paste AI fix prompts, more scans, and continuous monitoring.

Do I need to sign up or install anything?

No signup required to run a scan, and nothing to install. CheckVibe runs entirely in the cloud against your live URL — no agent, no browser extension, no source-code access.

What does the scan check for?

Over 100 checks in parallel: exposed API keys in your JavaScript, SQL injection, cross-site scripting (XSS), missing security headers (CSP, HSTS), weak SSL/TLS, permissive CORS, and backend misconfigurations like world-readable Supabase or Firebase data. It also scores SEO and AEO (AI-search visibility) in the same pass.

How long does a website security scan take?

About 30 seconds. CheckVibe crawls your site and runs every check in parallel, then ranks the findings Critical → Low so you know what to fix first.

What kinds of sites can it scan?

Any publicly reachable URL — a production app, a staging build, or an AI-/vibe-coded prototype from Lovable, Bolt, v0, Cursor or Replit. CheckVibe scans the deployed site regardless of framework or how it was built.

Will it tell me how to fix what it finds?

Yes. Every finding includes reproducible evidence and a plain-English explanation, and paid plans turn each one into a copy-paste fix prompt for Claude, Cursor, and Windsurf so you can patch it without becoming a security expert.