Scan any URL.
Find the leaks in 60s.
21 passive checks run against your live app right now — security headers, cookie flags, exposed secrets, CSP depth, source-map leaks, OWASP-aligned platform fingerprinting, Supabase RLS probing (CVE-2025-48757), DNS / TLS / email security, dependency CVEs. No signup. Read-only by default.
Internal/private IPs are refused. Each scan takes 3–8 seconds (longer with Deep Scan).
Want active probes too? Buy Deep Scan ($19, one-time) and unlock all 26 checks for 30 days.