42 scanners covering 200+ individual checks: SQLi, XSS, exposed keys, BaaS misconfigs, SSL/TLS grading, plus SEO & AEO visibility, uptime monitoring, Core Web Vitals, and accessibility. Each finding ships with an AI-ready fix prompt.
Detect SQL injection vulnerabilities in your web application before attackers exploit them.
Find XSS vulnerabilities that could let attackers inject malicious scripts into your pages.
Check if your site has the right HTTP security headers to prevent common attacks.
Detect exposed API keys, tokens, and secrets in your frontend code and responses.
Verify your SSL/TLS configuration, certificate validity, and encryption strength.
Detect dangerous CORS policies that could allow unauthorized cross-origin access.
Check if your forms and API endpoints are protected against cross-site request forgery.
Audit cookie flags, session management, and token security for your application.
Test your login, signup, and password reset flows for common security weaknesses.
Verify DNS configuration, SPF, DKIM, DMARC records, and domain security.
Find URL redirect vulnerabilities that attackers use for phishing campaigns.
Audit your GraphQL API for introspection leaks, injection, and query complexity attacks.
Analyze JSON Web Tokens for weak algorithms, key exposure, and implementation flaws.
Identify your technology stack and check for known vulnerabilities (CVEs).
Check if your domain or IP appears on blocklists, malware databases, or threat feeds.
Check for privacy policy, cookie consent, terms of service, and GDPR compliance indicators.
Evaluate your site's resilience against distributed denial-of-service attacks.
Test file upload endpoints for unrestricted uploads and remote code execution risks.
Verify that security events are properly logged and monitored in your application.
Check API endpoints for proper rate limiting and abuse prevention on mobile-facing APIs.
Detect subdomain takeover vulnerabilities and domain registration security issues.
Find exposed debug routes, admin panels, and development endpoints left in production.
Test form fields and API inputs for proper validation and sanitization.
Audit Vercel-specific security settings, headers, and deployment configuration.
Check Netlify-specific security configuration, headers, and deployment settings.
Audit Cloudflare configuration, WAF settings, and CDN security features.
Scan your project dependencies for known vulnerabilities and outdated packages.
Audit your Supabase project for RLS misconfigurations, exposed APIs, and insecure auth settings.
Check Firebase Security Rules, authentication settings, and Firestore/RTDB access controls.
Scan your GitHub repository for leaked secrets, misconfigured Actions, and supply chain risks.
Detect JWTs, refresh tokens, and session identifiers stored in localStorage or sessionStorage.
Scan connected GitHub repositories for high-risk auth, secret, CORS, SQL, SSRF, and cookie patterns.
Find webhook handlers that appear to trust provider events without verifying signatures.
Find exposed admin routes, unauthenticated APIs, sequential IDs, and mass data exposure.
Use two authenticated test actors to verify tenant-scoped resources cannot be read across accounts.
Grade your search visibility with 68 checks — indexability, metadata, structured data, content, links, and Core Web Vitals.
Check whether AI answer engines — ChatGPT, Claude, Perplexity, Google AI — can crawl, parse, and cite your site. 46 checks.
External uptime checks every 60 seconds with incident tracking, down/recovery alerts, and a public status page.
Lab diagnostics plus real-user Core Web Vitals from CrUX and RUM — with daily regression alerts before rankings drop.
WCAG 2.x Level AA signals across structure, forms, navigation, and media — the EAA-relevant checks, automated.
SPF, DKIM, DMARC, MX, MTA-STS, and BIMI checked continuously — with a managed DMARC report inbox.
Domain expiry, transfer locks, nameserver drift, DNSSEC, CAA, and certificate runway — watched daily, alerted on change.
Paste your URL and get a complete security report with AI-ready fix prompts for every finding.