Your website's security score in 60 seconds.
Enter any URL. ZeriFlow runs 80+ non-intrusive checks and delivers a scored security report with actionable fixes. Free, no install required.
Free to start · No credit card · No domain verification needed
- 80+ security checks
- 60s time to results
- 12 categories covered
Here's what you get after your scan
Overall Score
Category Scores
Advanced Scan goes deeper — source code analysis, secrets detection, dependency CVEs, and architectural risks.
80+ checks across 12 security categories
Every scan covers the full surface of your site's publicly visible security posture.
TLS / HTTPS
Certificate validity, protocol versions, cipher suites, HSTS enforcement
HTTP Headers
CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy and more
Cookie Security
Secure, HttpOnly, SameSite flags and cookie scoping analysis
Content Security
Mixed content, subresource integrity, form security checks
DNS & Network
DNSSEC, CAA records, CDN detection and network intelligence
Email Security
SPF, DKIM, and DMARC record validation and alignment
Information Disclosure
Server fingerprinting, exposed files, directory listing detection
Privacy
Cookie consent, third-party trackers, privacy policy presence
Performance
Core Web Vitals, resource optimization, caching headers
Accessibility
Security-relevant accessibility and configuration checks
Best Practices
robots.txt, sitemap, security.txt, meta tag configuration
Network Security
CDN usage, IP reputation, open port detection
From URL to security score in 3 steps
Enter your URL
Paste any publicly accessible URL. No domain verification, no registration for the first scan.
We run 80+ checks
ZeriFlow tests your TLS, headers, cookies, DNS, email auth, and 70+ more checks concurrently. Results in under 60 seconds.
Get your scored report
Every check shows a pass, warn, or fail status with an explanation and a concrete fix recommendation.
$ zeriflow scan https://your-site.com
[1/14] Connecting to target... ✓
[2/14] Checking TLS / HTTPS... ✓
[3/14] Analyzing security headers... ⚠
[4/14] Inspecting content security... ✓
[5/14] Evaluating cookies... ✓
[6/14] Scanning info disclosure... ✗ (critical)
[7/14] Checking DNS & network... ✓
[8/14] Validating email auth (SPF)... ✓
[9/14] Validating email auth (DMARC)... ✓
[10/14] Checking privacy compliance... ⚠
[11/14] Running performance checks... ✓
[12/14] Running best practices... ✓
[13/14] Checking network security... ✓
[14/14] Calculating score...
Score: 68/100 Grade: C
3 critical · 5 warnings · 2 info
Why ZeriFlow over the alternatives?
| Feature | ZeriFlow | SecurityHeaders | Observatory | Manual audit |
|---|---|---|---|---|
| Checks per scan | 80+ | 11 | 28 | varies |
| Score /100 | ✅ | A–F grade | ✅ | ❌ |
| Fix recommendations | ✅ | partial | partial | ✅ |
| AI analysis | ✅ | ❌ | ❌ | ❌ |
| PDF report | ✅ | ❌ | ❌ | yes ($$$) |
| Monitoring & alerts | ✅ | ❌ | ❌ | ❌ |
| Free tier | ✅ | ✅ | ✅ | ❌ |
Start free. Scale when you need more.
The free plan gives you 1 scan per day. Upgrade for unlimited scans, PDF reports, and monitoring.
Free
Forever free
- 1 quick scan per day
- Full check details
- Basic recommendations
- No credit card needed
Pro
For developers
$99/yr · 2 months free
- Unlimited quick scans
- 1 advanced scan / month
- PDF export
- Weekly monitoring (5 URLs)
- REST API (30 calls/mo)
- AI explanations
Business
For teams
$192/yr · Save 20%
- Everything in Pro
- 5 advanced scans / month
- Daily monitoring (15 URLs)
- REST API (100 calls/mo)
- White-label PDF
- GitHub code analysis
Unlimited
For agencies
$390/yr · Save 33%
- Everything in Business
- 200 advanced scans / month*
- Daily monitoring (unlimited URLs)
- REST API (1,000 calls/mo)
- White-label PDF
* Subject to fair use policy to maintain service quality for all users.
Common questions
Under 60 seconds for most sites. The scanner runs all checks concurrently rather than sequentially, which is why it's so fast. Unusually slow target servers may add a few extra seconds.
No. ZeriFlow scans entirely from the outside using the same techniques a security researcher would use. Nothing is installed on your server, no agent, no code snippet.
Completely safe. ZeriFlow performs non-intrusive, read-only checks only. We never attempt to exploit or modify anything — your website remains completely untouched during the scan.
Quick Scan analyzes your website's publicly accessible surface — headers, TLS, DNS, cookies, and 80+ more checks. Advanced Scan goes deeper: it connects to your GitHub repository or analyzes a ZIP of your source code to find hardcoded secrets, vulnerable dependencies, insecure API patterns, and architectural risks.
You can scan any publicly accessible website or web application. The scan only inspects what's visible from the outside — the same view a visitor or attacker would have.
Don't worry — most sites score 30–60 on their first scan. Focus on the critical and high-severity findings first. Each finding comes with a concrete fix recommendation so you know exactly what to do.
What's your security score?
Find out in 60 seconds. No credit card, no domain verification, no setup.