Most websites fail basic security checks. I built a free tool to scan yours in 5 seconds.
Try it: sitesafe-eight.vercel.app
What It Checks
10 security headers that every website should have:
| Header | Why It Matters |
|---|---|
| Strict-Transport-Security | Forces HTTPS, prevents downgrade attacks |
| Content-Security-Policy | Mitigates XSS by controlling what scripts run |
| X-Frame-Options | Prevents clickjacking |
| X-Content-Type-Options | Prevents MIME sniffing |
| Referrer-Policy | Controls what info leaks via referrer |
Plus SSL certificate validation and response time.
How Grading Works
- A+ (90-100): All critical headers present, HTTPS enforced
- A (80-89): Most headers present, minor gaps
- B (65-79): Some important headers missing
- C (50-64): Multiple security gaps
- D/F (below 50): Significant security risks
Fun Fact
Google.com scores an F on this scanner. They have X-Frame-Options and X-XSS-Protection but miss CSP, HSTS, Referrer-Policy, and most cross-origin headers. Even big companies have gaps.
How It Works
The scanner makes a HEAD request to your URL, reads the response headers, and scores each one. No data is stored. No signup required. Unlimited free scans.
Built with Next.js and deployed on Vercel. The whole thing is under 200 lines of code.
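As an added illustration (not the scanner's source code), here is one way to score the five headers from the table against the grade bands above, operating on an already-fetched header map. The equal weights, half credit for a present-but-ineffective value, the 180-day HSTS floor, and the names `RULES`, `gradeFor` and `scoreHeaders` are all assumptions made for this example.

```javascript
// Added example. Equal weights and the value rules are assumptions, not the
// scanner's own scoring; the grade bands are the ones listed above.
const RULES = {
  // max-age=0 clears HSTS, so presence alone is not enough (180-day floor assumed)
  "strict-transport-security": (v) => {
    const m = /max-age\s*=\s*"?(\d+)/i.exec(v);
    return m !== null && Number(m[1]) >= 15552000;
  },
  // simplified: needs a script-governing directive and no 'unsafe-inline'
  "content-security-policy": (v) =>
    /(^|;)\s*(default-src|script-src)\s/i.test(v) && !/'unsafe-inline'/i.test(v),
  "x-frame-options": (v) => /^(deny|sameorigin)$/i.test(v.trim()),
  "x-content-type-options": (v) => v.trim().toLowerCase() === "nosniff",
  "referrer-policy": (v) => v.trim() !== "" && !/\bunsafe-url\b/i.test(v),
};

function gradeFor(score) {
  if (score >= 90) return "A+";
  if (score >= 80) return "A";
  if (score >= 65) return "B";
  return score >= 50 ? "C" : "D/F";
}

function scoreHeaders(rawHeaders) {
  // Header names are case-insensitive, so normalise before lookup.
  const headers = {};
  for (const [k, v] of Object.entries(rawHeaders)) headers[k.toLowerCase()] = String(v);
  const perHeader = 100 / Object.keys(RULES).length;
  const findings = {};
  let score = 0;
  for (const [name, isEffective] of Object.entries(RULES)) {
    const status = !(name in headers) ? "missing" : isEffective(headers[name]) ? "ok" : "weak";
    findings[name] = status;
    score += status === "ok" ? perHeader : status === "weak" ? perHeader / 2 : 0;
  }
  score = Math.round(score);
  return { score, grade: gradeFor(score), findings };
}

// Constructed sample response headers (not real scan output).
const PRESENT_BUT_WEAK = {
  "Strict-Transport-Security": "max-age=0",
  "Content-Security-Policy": "script-src 'self' 'unsafe-inline'",
  "X-Frame-Options": "ALLOWALL",
  "X-Content-Type-Options": "nosniff",
};
console.log(scoreHeaders(PRESENT_BUT_WEAK));
```

Four of the five headers are present in the constructed sample, yet three carry values that provide little or no protection, which is the gap a presence-only check cannot see.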
Scan your site: sitesafe-eight.vercel.app
Want to go deeper? Our full security scanner skill checks for SSRF, SQL injection, and 50+ vulnerability patterns in actual source code.