Free Tools
Free Website Security Tools
Instant, no-signup checks for the security configurations that matter most — powered by the same engine that runs ZeriFlow's 80+ check scanner.
Security Headers Checker
Instantly test which HTTP security headers your site is sending. Covers Content-Security-Policy, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options.
Use tool →SSL & TLS Certificate Checker
Verify your SSL certificate validity, expiration date, TLS version support, cipher suite strength, and HTTPS redirect configuration.
Use tool →DMARC Record Checker
Validate your domain's DMARC, SPF, and DKIM configuration. See exactly what policy is in place and whether it blocks phishing or just monitors it.
Use tool →CSP Checker
Validate your Content-Security-Policy header. Detect missing directives, unsafe-inline usage, wildcard sources, and missing frame-ancestors — with fix recommendations.
Use tool →Cookie Security Checker
Analyze the cookies your site sets. Verify the Secure, HttpOnly, and SameSite flags are correctly configured on all session and authentication tokens.
Use tool →HTTP Redirect Checker
Test HTTP-to-HTTPS redirects, trace the full redirect chain, detect redirect loops, and verify you are using 308 rather than 302 for permanent moves.
Use tool →CORS Checker
Test your Cross-Origin Resource Sharing policy. Detect wildcard misuse, origin reflection bugs, and credential exposure across your API endpoints.
Use tool →