Passive scanner online / v2

SECURITY PREFLIGHT FOR RAPIDLY BUILT APPS

Ship fast.
Check first.

A safe, explainable website security preflight for apps built with ChatGPT, Gemini, Replit, Base44, and modern development tools.

Scan only websites you own or are authorized to assess. HTTPS and standard ports only. Up to 8 scans per minute.

✓ One passive request✓ No exploits✓ No account required
LIVE PREFLIGHT
SAFE
CHECK
HTTPSTransport
HEADERSBrowser defense
COOKIESSession safety
PASSIVE01request
0exploit attempts
8srequest timeout
100%explainable findings
Localhistory stays in browser
WHAT WE REVIEW

A useful signal before a deeper audit.

01

Transport

HTTPS enforcement, redirects, and strict transport protections.

02

Browser defenses

Content security, framing, MIME handling, and cross-origin isolation.

03

Cookie posture

Secure, HttpOnly, and SameSite attributes when observable.

04

Privacy and exposure

Referrer, permissions, and server-information disclosure signals.

BUILT FOR ACTION

From finding
to fix plan.

Each issue includes severity, why it matters, and implementation-ready guidance. Filter the report, copy fixes, or export it for your developer.

  1. 1
    Enter an authorized HTTPS site

    Private networks, credentials, custom ports, and literal IP addresses are rejected.

  2. 2
    Review one public response

    We inspect observable protections without crawling, signing in, or following redirects.

  3. 3
    Download the remediation plan

    Export Markdown or JSON to document work and share with your team.

DEVELOPER MODE

Need to check source code too?

The open-source CLI scans local projects for exposed secrets, unsafe code execution, insecure cookies, wildcard CORS, debug mode, and other common rapid-development mistakes without executing project code.

View CLI instructions ↗
HONEST BOUNDARIES

A preflight, not a penetration test or security certification.

We inspect one public HTTPS response and its observable headers. We do not exploit vulnerabilities, crawl pages, follow redirects, scan ports, bypass authentication, inspect private systems, review source code from the website scan, check dependencies, or prove that a site is secure.