Free website security scanner

Check 10 security headers and configurations that protect your visitors. No signup required, results in under 60 seconds.

What we check

Missing security headers leave websites open to clickjacking, data interception, and content injection. Most fixes take minutes to add through server configuration or a CDN, but you need to know what is missing first.

HTTPS Enabled

Verifies the site loads over HTTPS and redirects from HTTP

Strict Transport Security (HSTS)

Checks for an HSTS header that forces HTTPS connections

SSL Certificate Valid

Validates the SSL certificate is current and not expired

Mixed Content

Flags HTTP resources loaded on HTTPS pages

Content Security Policy

Checks for a CSP header that restricts script sources

Clickjacking Protection

Verifies X-Frame-Options or frame-ancestors CSP is set

MIME-Type Sniffing Protection

Checks for X-Content-Type-Options: nosniff header

Referrer Policy

Verifies a Referrer-Policy header controls URL leakage

Cross-Origin Opener Policy

Checks for a COOP header that isolates browsing contexts

Browser Permissions Policy

Verifies a Permissions-Policy header restricts browser APIs
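
The header-based checks in the list above can be reproduced against any captured set of response headers. The sketch below is an added example, not SiteCurl's own code: the function names, the finding wording, the 180-day HSTS threshold and the sample headers are all assumptions made for illustration.

```python
import re

def parse_csp(value):
    """Split a CSP header value into {directive: [sources]}; first occurrence wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def audit_headers(headers, min_hsts_age=15552000):
    """Return findings for the header checks; min_hsts_age (180 days) is an assumed threshold."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS header missing")
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < min_hsts_age:
            findings.append("HSTS max-age missing or too short")
    csp = parse_csp(h.get("content-security-policy", ""))
    if not csp:
        findings.append("No Content Security Policy header found")
    elif "script-src" not in csp and "default-src" not in csp:
        findings.append("CSP does not restrict script sources")
    # Either X-Frame-Options or a CSP frame-ancestors directive counts as protection.
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("No clickjacking protection")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")
    for name in ("referrer-policy", "cross-origin-opener-policy", "permissions-policy"):
        if not h.get(name):
            findings.append(f"{name} header missing")
    return findings

# Constructed sample response headers (not taken from a real site).
SAMPLE = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "img-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE):
        print(finding)
```

The sample passes the clickjacking check through `frame-ancestors` alone, but is still flagged for a short HSTS lifetime and a CSP that never restricts scripts.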

Example findings from a scan

No Content Security Policy header found

HSTS header missing on main domain

Mixed content: 2 images loaded over HTTP

Frequently asked questions

What security checks does SiteCurl run?

SiteCurl checks HTTPS enforcement, HSTS, SSL certificates, mixed content, Content Security Policy, clickjacking protection, MIME-type sniffing, referrer policy, COOP, and permissions policy.

Does SiteCurl find malware or vulnerabilities?

No. SiteCurl checks HTTP security headers and configuration. It does not scan for malware, SQL injection, or application-level vulnerabilities.

How do I fix a missing security header?

Most security headers can be added through your web server configuration (nginx, Apache) or CDN settings (Cloudflare, Vercel). Each finding in SiteCurl includes a fix recommendation.

Can I scan more than one page?

The free audit checks your homepage. With a paid plan, you can scan up to 50 pages per site and get email alerts when security issues appear.
