Free Tools
Free Website Security Tools
Instant, no-signup checks for the security configurations that matter most — powered by the same engine that runs ZeriFlow's 80+ check scanner.
Website Vulnerability Scanner
Scan a website for common vulnerabilities, security misconfigurations, weak headers, TLS issues, DNS risks, cookies, SEO, accessibility, performance, and information disclosure.
Security Headers Checker
Instantly test which HTTP security headers your site is sending. Covers Content-Security-Policy, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options.
X-Frame-Options Checker
Check iframe protection and clickjacking defenses with X-Frame-Options and CSP frame-ancestors guidance.
Referrer-Policy Checker
Review whether your site limits referrer leakage across origins and protects paths, query strings, and sensitive URLs.
Permissions-Policy Checker
Check browser feature controls for camera, microphone, geolocation, payment, fullscreen, and embedded content.
SSL & TLS Certificate Checker
Verify your SSL certificate validity, expiration date, TLS version support, cipher suite strength, and HTTPS redirect configuration.
TLS Checker
Check whether your site uses modern HTTPS, valid certificates, safe TLS versions, and reliable redirect behavior.
HSTS Checker
Validate your Strict-Transport-Security header, max-age, includeSubDomains usage, and preload readiness.
DMARC Record Checker
Validate your domain's DMARC, SPF, and DKIM configuration. See exactly what policy is in place and whether it blocks phishing or just monitors it.
CSP Checker
Validate your Content-Security-Policy header. Detect missing directives, unsafe-inline usage, wildcard sources, and missing frame-ancestors — with fix recommendations.
Cookie Security Checker
Analyze the cookies your site sets. Verify the Secure, HttpOnly, and SameSite flags are correctly configured on all session and authentication tokens.
Mixed Content Checker
Find HTTP scripts, styles, images, iframes, fonts, and assets loaded from HTTPS pages.
HTTP Redirect Checker
Test HTTP-to-HTTPS redirects, trace the full redirect chain, detect redirect loops, and verify you are using 308 rather than 302 for permanent moves.
CORS Checker
Test your Cross-Origin Resource Sharing policy. Detect wildcard misuse, origin reflection bugs, and credential exposure across your API endpoints.
Robots.txt Checker
Review crawl directives, sitemap references, accidental sitewide blocks, and sensitive path exposure in robots.txt.
Sitemap Checker
Validate XML sitemap discovery, URL quality, robots.txt references, indexability signals, and broken entries.
Security.txt Checker
Validate vulnerability disclosure contact details, expiry, canonical URL, and security policy links.
HTTP Methods Checker
Review visible HTTP method behavior and risky public exposure of TRACE, PUT, PATCH, DELETE, and OPTIONS.
DNS Security Checker
Check DNSSEC, CAA, SPF, DMARC, MX records, and common domain-level security configuration risks.
CAA Record Checker
Check which certificate authorities are authorized to issue TLS certificates for your domain.
SPF Record Checker
Validate SPF sender authorization, include chains, lookup limits, and email spoofing protection basics.