passive_scan · safe · legal
See what an attacker sees.
Without breaking anything.
Paste a public URL. We inspect HTTP headers, TLS, cookies, forms, mixed content and information disclosure — then AI summarizes and prioritizes the fix.
No login: you need an account to save your history.
Transport & TLS
HTTPS, HSTS, redirects and mixed content.
Security headers
CSP, X-Frame-Options, Permissions-Policy…
Information disclosure
Exposed versions, cookies without flags, comments.
Technical SEO
Title, meta, canonical, OG, H1, alt, robots.
Passive analysis only — we never log in or exploit vulnerabilities.