Free trust scan
Get an instant letter grade for your site’s security, privacy, and accessibility — the same signals your customers’ security teams check. Passive, browser-equivalent, and free.
Free, no login. We run a passive, browser-equivalent scan of one public page — the same traffic a normal visitor sends. We never probe, brute force, or attempt to log in.
Every check is passive — it inspects only what a normal browser visit to one page reveals. We never port-scan, probe for vulnerabilities, brute-force paths, or attempt to log in.
Reads the live certificate over a TLS handshake — expiry, trust chain, protocol, and cipher. Graded SSL-Labs style.
HSTS, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy.
SPF, DMARC, CAA, and DNSSEC records — the signals that stop your domain being spoofed.
Cookie Secure/HttpOnly/SameSite flags and whether a consent banner appears before non-essential cookies are set.
A single request each to check for an accidentally public .git or .env, and for a published security.txt.
An axe-core audit of the rendered page, weighted by impact and affected elements, with the top remediations.
Scores are anchored to recognized rubrics, not arbitrary point deductions. Security headers follow Mozilla Observatory’s scoring model. TLS uses SSL-Labs-style letter grades, and an expired or untrusted certificate caps the grade hard. Accessibility violations are weighted by impact and the number of affected elements, then surfaced as the top fixes, not just a number.