Free website security checker
Check your website's security posture in seconds. WebAnalizer tests for HTTPS, HSTS, a Content-Security-Policy and the full set of HTTP security headers, then gives you an instant security score out of 100 and the exact gaps to close. Free, no signup to see your result.
What we check for security
HTTPS & valid TLS
That your site is served over HTTPS — the baseline for trust, SEO and every other security header.
HSTS
Strict-Transport-Security, which forces browsers to always use HTTPS and blocks downgrade attacks.
Content-Security-Policy
A CSP that limits what scripts and resources can run, mitigating cross-site scripting (XSS).
X-Content-Type-Options
Stops browsers from MIME-sniffing responses into an unintended, riskier content type.
Referrer & frame policy
Referrer-Policy and X-Frame-Options / frame-ancestors to control leakage and clickjacking.
Permissions-Policy
Restricts powerful browser features (camera, geolocation, etc.) to only what your site needs.
How do I know if my website is secure?
Start with the headers your server sends. A quick, free scan like WebAnalizer's checks whether you're on HTTPS and whether the key security headers — HSTS, CSP, X-Content-Type-Options, frame protection and more — are present and sensible. Missing headers are the most common, easily-fixed gaps that leave otherwise-fine sites exposed to XSS, clickjacking and downgrade attacks.
Why security headers matter
Security headers are a cheap, high-leverage layer of defense: a few lines of server config that browsers enforce on every visitor. They protect your users, and they're a trust and SEO signal too — HTTPS is a confirmed ranking factor, and a well-secured site is less likely to be flagged or blacklisted. Most sites are missing several of them simply because no one checked.
A first pass, not a penetration test
This is a fast configuration check, not a full security audit or penetration test. It catches the header-level and transport gaps that account for a large share of real-world issues and are quick to fix. For anything handling sensitive data, pair it with a proper security review — but close the obvious gaps first.
Frequently asked questions
How do I check my website for security issues?
Paste your URL into WebAnalizer's free security checker. It tests for HTTPS, HSTS, CSP and the other HTTP security headers and returns a security score out of 100 with the specific gaps to fix — no signup needed.
What security headers should my website have?
At minimum: HTTPS with HSTS, a Content-Security-Policy, X-Content-Type-Options: nosniff, a Referrer-Policy, frame protection (X-Frame-Options or frame-ancestors) and a Permissions-Policy. WebAnalizer flags which of these you're missing.
Does WebAnalizer check if my site was hacked?
It checks your site's security configuration — headers, HTTPS and transport security — which is where most preventable risk lives. It isn't a malware scanner, so pair it with a dedicated malware/uptime monitor if you suspect a compromise.
Is HTTPS enough for security?
HTTPS is the essential baseline but not the whole story. Without headers like HSTS and CSP, an HTTPS site can still be vulnerable to downgrade attacks and cross-site scripting. WebAnalizer scores the full header set, not just HTTPS.