Free Website Security Scanner

Scan your website for common security issues. By Unofix

What Does the Scanner Check?

The scan focuses on common security misconfigurations, including HTTP security headers, SSL/TLS configuration, cookie security flags, exposed files, and server information leakage. These issues are among the most frequent causes of data exposure, session hijacking, and client-side attacks. The scanner only reads publicly available information and is fully non-intrusive.

What is Server Hardening?

Server hardening is the process of securing your server by closing unnecessary access points and fixing common misconfigurations. Think of it like securing your home: you lock doors, don't advertise when you're away, and install an alarm system.

Most hardening measures are free configuration changes — editing .htaccess, updating PHP settings, or tweaking your CMS. The hard part isn't the implementation, it's knowing what to fix. That's what this scanner does.

Security Checks

🛡️ HTTP Security Headers

Modern browsers have built-in protection against clickjacking, XSS attacks, and other exploits — but only if your server tells them to activate it. We check if you're sending the 10 most important security headers.

Why it matters: Without these headers, browsers fall back to their permissive defaults: third-party sites can load your pages in iframes (clickjacking, stopped by X-Frame-Options or a Content-Security-Policy frame-ancestors directive), injected scripts run unrestricted (XSS, limited by Content-Security-Policy), and responses can be MIME-sniffed into a more dangerous content type than the one you declared (stopped by X-Content-Type-Options: nosniff). These are simple configuration changes that remove whole classes of client-side attacks at almost no cost.
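
The logic behind a header check, as an added example written for this page (it is not Unofix's scanner code). The header dictionaries are constructed inputs standing in for a real HTTP response; nothing is fetched from the network. The thresholds (one-year HSTS, treating either X-Frame-Options or frame-ancestors as sufficient) are this example's own choices.

```python
"""Added example (not Unofix's scanner): flag missing or weak HTTP security
headers in a response. SAMPLE_HEADERS, WEAK_CSP_HEADERS and HARDENED_HEADERS
are constructed inputs; nothing is fetched from the network."""
import re
from typing import Dict, List

ONE_YEAR = 31536000  # seconds; the usual minimum recommended HSTS max-age


def _csp_directives(csp: str) -> Dict[str, List[str]]:
    """'default-src 'self'; script-src cdn.example' -> {directive: [sources]}."""
    out: Dict[str, List[str]] = {}
    for chunk in csp.split(";"):
        tokens = chunk.split()
        if tokens:
            out[tokens[0].lower()] = tokens[1:]
    return out


def check_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return one finding per missing or weak header (empty list = pass)."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings: List[str] = []

    hsts = h.get("strict-transport-security", "")
    max_age = re.search(r"max-age=(\d+)", hsts, re.I)
    if not hsts:
        findings.append("Strict-Transport-Security missing")
    elif not max_age or int(max_age.group(1)) < ONE_YEAR:
        findings.append("Strict-Transport-Security max-age below one year")

    csp = _csp_directives(h.get("content-security-policy", ""))
    if not csp:
        findings.append("Content-Security-Policy missing")
    # script-src overrides default-src for scripts, so look at whichever applies.
    elif "'unsafe-inline'" in csp.get("script-src", csp.get("default-src", [])):
        findings.append("Content-Security-Policy allows inline scripts ('unsafe-inline')")

    # Clickjacking: either mechanism is enough, so only flag when both are absent.
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")
    for name in ("referrer-policy", "permissions-policy"):
        if name not in h:
            findings.append(f"{name.title()} missing")  # title() -> 'Referrer-Policy'
    return findings


# Constructed responses: a typical under-configured site, a site whose CSP
# allows inline scripts, and a hardened one.
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.41 (Ubuntu)",
    "Content-Type": "text/html; charset=UTF-8",
    "Strict-Transport-Security": "max-age=86400",
    "X-Content-Type-Options": "nosniff",
}
WEAK_CSP_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self' 'unsafe-inline'; frame-ancestors 'self'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
}
HARDENED_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
}

if __name__ == "__main__":
    for finding in check_security_headers(SAMPLE_HEADERS):
        print("FAIL:", finding)
```

The two caveats worth copying from this example: a CSP that still contains 'unsafe-inline' for scripts gives almost no XSS protection even though the header is "present", and a site that sets frame-ancestors does not also need X-Frame-Options, so a checker that demands both produces noise.
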
🔒 SSL/TLS Certificate Security

We verify that your site uses HTTPS and serves a valid TLS (SSL) certificate that chains to a trusted Certificate Authority. We also check the expiration date and flag self-signed certificates, which browsers refuse to trust and warn visitors about.

Why it matters: Without HTTPS, all traffic between your server and visitors is transmitted in plain text. Anyone on the same WiFi network (coffee shops, airports) can read passwords, session tokens, and sensitive data, or alter pages in transit. Google also uses HTTPS as a ranking signal, so non-HTTPS sites lose out in search.
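
The certificate checks described above, as an added example written for this page rather than Unofix's own code. It works on the dictionary that Python's `ssl.getpeercert()` returns; `SELF_SIGNED` and `NOW` are constructed test data, and `fetch_peer_cert()` is the only function that touches the network.

```python
"""Added example (not Unofix's scanner): expiry, self-signing and hostname
checks over the dict shape that ssl.getpeercert() returns. SELF_SIGNED and
NOW are constructed; only fetch_peer_cert() talks to a real server."""
import socket
import ssl
import time
from typing import Dict, List, Optional


def fetch_peer_cert(host: str, port: int = 443, timeout: float = 5.0) -> Dict:
    """Verified TLS handshake; returns the leaf certificate as a dict.

    Verification must stay on: with CERT_NONE, getpeercert() returns {}.
    A handshake that fails raises ssl.SSLCertVerificationError, whose
    .verify_message names the reason (untrusted CA, expired, name mismatch);
    that exception is itself the finding to report."""
    ctx = ssl.create_default_context()  # system CA store + hostname check
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def _dns_names(cert: Dict) -> List[str]:
    """Names the certificate is valid for: SAN DNS entries plus the subject CN."""
    names = [val for typ, val in cert.get("subjectAltName", ()) if typ == "DNS"]
    for rdn in cert.get("subject", ()):
        names += [val for key, val in rdn if key == "commonName"]
    return names


def _name_matches(host: str, pattern: str) -> bool:
    """Exact match, or a wildcard covering exactly one leftmost label."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return host == pattern


def check_certificate(cert: Dict, host: str, now: Optional[float] = None,
                      warn_days: int = 14) -> List[str]:
    """Findings on expiry, self-signing and name coverage (empty list = pass)."""
    now = time.time() if now is None else now
    findings: List[str] = []
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not_after < now:
        findings.append("certificate has expired")
    elif not_after - now < warn_days * 86400:
        findings.append(f"certificate expires within {warn_days} days")
    if cert.get("issuer") == cert.get("subject"):
        findings.append("self-signed certificate (issuer equals subject)")
    if not any(_name_matches(host, n) for n in _dns_names(cert)):
        findings.append(f"certificate does not cover {host}")
    return findings


# Constructed sample: a self-signed certificate twelve days from expiry.
SELF_SIGNED = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("commonName", "shop.example"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example")),
}
NOW = ssl.cert_time_to_seconds("Dec 20 00:00:00 2024 GMT")

if __name__ == "__main__":
    for finding in check_certificate(SELF_SIGNED, "shop.example", now=NOW):
        print("FAIL:", finding)
```

Against a live host you would call `check_certificate(fetch_peer_cert(host), host)` and treat an `ssl.SSLCertVerificationError` from the fetch as a failed check in its own right; the offline checks above add the "expires soon" warning that a successful handshake does not give you.
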
🍪 Cookie Security Flags

We analyze cookies set by your website and check if they use proper security flags: Secure (HTTPS-only), HttpOnly (JavaScript cannot read), and SameSite (CSRF protection). We also check for overly long expiration times and broad domain scope.

Why it matters: Improperly configured cookies are a major security risk. Without HttpOnly, any XSS on the site can read the session cookie through document.cookie and hand it to the attacker, who then hijacks the account. Without Secure, the browser also sends the cookie over plain HTTP, where it can be intercepted. Without SameSite=Lax or Strict, the browser attaches the cookie to requests started from other sites, which is exactly what a CSRF attack relies on; SameSite is a strong browser-side layer of defence, but not a replacement for anti-CSRF tokens in your forms.
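
A Set-Cookie parser with the flag checks listed above, as an added example written for this page (not Unofix's scanner). The cookie strings and the `SAMPLE_NOW` timestamp are constructed; the name hints used to decide which cookies count as credentials are this example's own heuristic.

```python
"""Added example (not Unofix's scanner): parse Set-Cookie headers and apply
the Secure / HttpOnly / SameSite / lifetime / Domain checks. SAMPLE_COOKIES
and SAMPLE_NOW are constructed test data."""
import time
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional

SESSION_HINTS = ("sess", "sid", "token", "auth", "login")  # names that look like credentials
LONG_LIFETIME = 30 * 86400  # seconds; longer than this is suspicious for a credential cookie
SAMPLE_NOW = 1735689600  # 2025-01-01T00:00:00Z, constructed "current time" for the samples


def parse_set_cookie(header: str) -> Dict[str, str]:
    """'name=value; Path=/; Secure' -> {'name': .., 'value': .., 'path': '/', 'secure': ''}.
    Attribute keys are lower-cased; valueless flags map to ''. Splitting on ';'
    keeps the comma inside an Expires date intact."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip()}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        cookie[key.strip().lower()] = val.strip()
    return cookie


def _lifetime(cookie: Dict[str, str], now: float) -> Optional[int]:
    """Seconds until expiry, or None for a browser-session cookie.
    Max-Age takes precedence over Expires, as in RFC 6265."""
    if cookie.get("max-age", "").lstrip("-").isdigit():
        return int(cookie["max-age"])
    if "expires" in cookie:
        return int(parsedate_to_datetime(cookie["expires"]).timestamp() - now)
    return None


def check_cookie(header: str, now: Optional[float] = None) -> List[str]:
    """Findings for one Set-Cookie header (empty list = pass)."""
    now = time.time() if now is None else now
    c = parse_set_cookie(header)
    name = c["name"]
    sensitive = any(hint in name.lower() for hint in SESSION_HINTS)
    findings: List[str] = []
    if "secure" not in c:
        findings.append(f"{name}: missing Secure (sent over plain HTTP)")
    if sensitive and "httponly" not in c:
        findings.append(f"{name}: missing HttpOnly (readable from JavaScript)")
    if c.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append(f"{name}: SameSite not Lax/Strict (attached to cross-site requests)")
    lifetime = _lifetime(c, now)
    if sensitive and lifetime is not None and lifetime > LONG_LIFETIME:
        findings.append(f"{name}: lifetime of {lifetime // 86400} days is long for a credential")
    # Any Domain attribute shares the cookie with every subdomain (RFC 6265 5.3).
    if sensitive and "domain" in c:
        findings.append(f"{name}: Domain={c['domain']} shares the cookie with every subdomain")
    return findings


# Constructed Set-Cookie headers as a scanner would see them.
SAMPLE_COOKIES = [
    "PHPSESSID=8f1c2d; Path=/",
    "theme=dark; Path=/; Max-Age=31536000; Secure; SameSite=Lax",
    "auth_token=eyJhbGci; Domain=shop.example; Path=/; Max-Age=31536000; Secure; HttpOnly; SameSite=None",
    "__Host-sid=9a7b; Path=/; Secure; HttpOnly; SameSite=Strict",
    "remember_login=abc; Expires=Thu, 01 Jan 2026 00:00:00 GMT; Path=/; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for header in SAMPLE_COOKIES:
        for finding in check_cookie(header, now=SAMPLE_NOW):
            print("FAIL:", finding)
```

The `__Host-sid` sample is the shape to aim for: the `__Host-` prefix makes browsers reject the cookie unless it is Secure, has Path=/ and carries no Domain attribute, so the hardened configuration is enforced by the browser rather than by convention.
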
📂 Exposed Sensitive Files

We scan for publicly accessible files that should never be reachable over the web: .git folders (expose your source code and its history), .env files (database passwords and API keys), backup archives, and leftover installation directories. We also detect which CMS or technology you're using.

Why it matters: A single exposed .env file can contain your database password, API keys, and admin credentials. Git folders leak your entire source code history. Attackers actively scan for these using automated tools — it takes them seconds to find and exploit.
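
Probing for exposed files in a way that is not fooled by sites that answer every URL with a 200 page, as an added example written for this page rather than Unofix's code. `FakeSite` is a constructed stand-in for a web server; `http_fetcher()` is the real, GET-only and unauthenticated variant. The probe list is this example's own and deliberately short.

```python
"""Added example (not Unofix's scanner): check well-known leak paths and
confirm the body looks like the real file before reporting it. FakeSite is a
constructed server; http_fetcher() performs real GET requests."""
import re
import urllib.error
import urllib.request
from typing import Callable, List, Tuple

Fetcher = Callable[[str], Tuple[int, bytes]]  # path -> (status, first bytes of body)

# Each probe pairs a path with a content test. Many CMS installs answer every
# URL with a 200 HTML page, so a status code alone would be a false positive.
PROBES = [
    ("/.git/HEAD", lambda b: b.startswith(b"ref: refs/") or re.fullmatch(rb"[0-9a-f]{40}\s*", b) is not None),
    ("/.env", lambda b: re.search(rb"^[A-Z_]+=", b, re.M) is not None),
    ("/backup.zip", lambda b: b.startswith(b"PK\x03\x04")),  # zip local-file header
    ("/backup.sql", lambda b: b"CREATE TABLE" in b or b"INSERT INTO" in b),
    ("/wp-config.php.bak", lambda b: b"DB_PASSWORD" in b),
    ("/phpinfo.php", lambda b: b"PHP Version" in b),
]


def find_exposed_files(fetch: Fetcher) -> List[str]:
    """Paths that returned 200 with a body that really looks like the file."""
    exposed: List[str] = []
    for path, looks_real in PROBES:
        status, body = fetch(path)
        if status == 200 and looks_real(body[:4096]):
            exposed.append(path)
    return exposed


def http_fetcher(base_url: str, timeout: float = 5.0) -> Fetcher:
    """Real fetcher: plain GET, no credentials, only the first 4 KiB of the body."""
    def fetch(path: str) -> Tuple[int, bytes]:
        req = urllib.request.Request(base_url.rstrip("/") + path,
                                     headers={"User-Agent": "hardening-check/example"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.status, resp.read(4096)
        except urllib.error.HTTPError as err:
            return err.code, b""
    return fetch


class FakeSite:
    """Constructed server: two leaked files, every other path a soft-404
    (HTTP 200 with an HTML 'not found' page)."""
    FILES = {
        "/.git/HEAD": b"ref: refs/heads/main\n",
        "/.env": b"APP_ENV=production\nDB_PASSWORD=hunter2\n",
    }

    def __call__(self, path: str) -> Tuple[int, bytes]:
        if path in self.FILES:
            return 200, self.FILES[path]
        return 200, b"<html><body>Page not found</body></html>"


if __name__ == "__main__":
    for path in find_exposed_files(FakeSite()):
        print("EXPOSED:", path)
```

Running it for real is `find_exposed_files(http_fetcher("https://your-site.example"))`; the content tests are what keep a soft-404 site from reporting every probe as a leak.
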
🖥️ Server Information Leakage

We check if your server reveals software versions (Apache, PHP, WordPress) in HTTP headers and HTML. This is like leaving a blueprint of your security system visible to potential attackers.

Why it matters: Attackers search for specific software versions with known vulnerabilities (CVEs). If your headers show "PHP 7.2.5", they can go straight to the exploits published for that release instead of guessing. Hiding version info doesn't fix the vulnerabilities, so keep updating as well, but it removes the neon sign pointing at them.
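
Version detection over headers and HTML, as an added example written for this page (not Unofix's scanner). Besides the Server and X-Powered-By headers it looks at the meta generator tag and the `?ver=` query parameter that WordPress appends to its own scripts and stylesheets. `SAMPLE_HEADERS` and `SAMPLE_HTML` are constructed.

```python
"""Added example (not Unofix's scanner): find version strings a server leaks
in headers and HTML. SAMPLE_HEADERS, SAMPLE_HTML and HARDENED_HEADERS are
constructed inputs."""
import re
from typing import Dict, List

VERSION_HEADERS = ("server", "x-powered-by", "x-generator", "x-aspnet-version")
_VERSION = re.compile(r"\d+\.\d+(?:\.\d+)*")
_GENERATOR = re.compile(r'<meta[^>]*name=["\']generator["\'][^>]*content=["\']([^"\']+)', re.I)
_ASSET_VER = re.compile(r'(?:src|href)=["\'][^"\']*[?&]ver=(\d+\.\d+[\w.]*)', re.I)


def find_version_leaks(headers: Dict[str, str], html: str = "") -> List[str]:
    """One entry per place a version number is disclosed (empty list = pass).
    A bare product name such as 'Server: Apache' is not reported."""
    h = {k.lower(): v for k, v in headers.items()}
    leaks: List[str] = []
    for name in VERSION_HEADERS:
        if name in h and _VERSION.search(h[name]):
            leaks.append(f"header {name}: {h[name]}")
    generator = _GENERATOR.search(html)
    if generator and _VERSION.search(generator.group(1)):
        leaks.append(f"meta generator: {generator.group(1)}")
    for ver in sorted(set(_ASSET_VER.findall(html))):  # one entry per distinct version
        leaks.append(f"asset ?ver= parameter: {ver}")
    return leaks


# Constructed response from a WordPress site that has not hidden anything.
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.41 (Ubuntu)",
    "X-Powered-By": "PHP/7.2.5",
    "Content-Type": "text/html; charset=UTF-8",
}
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 6.4.2">
<script src="/wp-includes/js/wp-embed.min.js?ver=6.4.2"></script>
<link rel="stylesheet" href="/wp-content/themes/shop/style.css?ver=6.4.2">
</head></html>"""
HARDENED_HEADERS = {"Server": "Apache", "Content-Type": "text/html; charset=UTF-8"}

if __name__ == "__main__":
    for leak in find_version_leaks(SAMPLE_HEADERS, SAMPLE_HTML):
        print("LEAK:", leak)
```

The fixes for the sample are all configuration: `ServerTokens Prod` and `ServerSignature Off` in Apache reduce the Server header to the bare product name, `expose_php = Off` in php.ini drops X-Powered-By, and WordPress stops printing the generator tag after `remove_action('wp_head', 'wp_generator')`; the `?ver=` parameters on core assets need a plugin or theme filter, which is why the HTML check matters even on a site whose headers are clean.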

Want Unlimited Scans?

Standard users get 5 scans per day. If you need more (for example, to test changes as you implement fixes), contact me for unlimited access.

Sign Up for Free Unlimited Scans
  • Scan as much as you want – no daily limits
  • Get monthly security reports via email
  • Early access to updates
No spam. No selling of e-mails.