SecAuditor
passive_scan · safe · legal

See what an attacker sees.
Without breaking anything.

Paste a public URL. We inspect HTTP headers, TLS, cookies, forms, mixed content and information disclosure — then AI summarizes and prioritizes the fix.

No login: you need an account to save your history.

Transport & TLS
HTTPS, HSTS, redirects and mixed content.
Security headers
CSP, X-Frame-Options, Permissions-Policy…
Information disclosure
Exposed versions, cookies without flags, comments.
Technical SEO
Title, meta, canonical, OG, H1, alt, robots.

Passive analysis only — we never log in or exploit vulnerabilities.