Scan websites for security vulnerabilities, check SSL certificates, analyze security headers, test password strength, and audit privacy configurations — all from your browser.
Check DMARC, SPF, and DKIM DNS records for any domain to assess email authentication and prevent spoofing.
Find HTTP resources loaded on HTTPS pages. Detect active and passive mixed content issues.
Analyze Content Security Policy headers. Check for unsafe-inline, unsafe-eval, and wildcards.
Analyze cookies set by a website. Check Secure, HttpOnly, SameSite flags and compliance issues.
Test CORS configuration for vulnerabilities. Check wildcard, null origin, and credential leaks.
Check for clickjacking vulnerabilities. Analyze X-Frame-Options and CSP frame-ancestors headers.
Grade HTTP security headers (CSP, HSTS, X-Frame-Options, etc.) with A-F scoring.
Test for open redirect vulnerabilities by checking common redirect parameters.
Analyze raw email headers: trace hops, check SPF/DKIM/DMARC, and extract sender info.
Analyze TLS/SSL protocol support, cipher suites, and certificate details for a domain.
Check if an email address has been exposed in known data breaches.