How to use

Paste the URL of your site on the home page, choose Standard or Deep, and press Run scan. The Standard scan covers common misconfigurations and leaks in about 15–25 seconds. The Deep scan runs more exhaustive probes and can take up to 90 seconds.

If your site is not publicly hosted yet, use the Scan code & files option instead to paste or upload HTML, JS, and CSS files.

Click Scan code & files instead below the URL form (or go to the code scanner). You can paste raw code or upload up to 20 files (200 KB each, 1.5 MB total). We analyse them in memory for exposed secrets, risky patterns, and missing security controls. Files are never stored on our servers.

When the scan finishes you get an overall score out of 100 and a coloured ring that tells you the general shape of the result at a glance:

The score is a weighted summary of what was found. It is not a pass/fail certificate; a lower score simply means more issues were detected and should be reviewed.

Each issue is tagged with a severity that indicates how urgently you should look at it:

• Critical / High — Likely exploitable or clearly misconfigured. Fix these first.
• Medium — Worth fixing in your next maintenance window.
• Low / Info — Minor or informational. Address when convenient.

The report has a Simple view for a plain-language summary, and an Advanced view that shows technical details, evidence, and references. Switch between them at any time.

If you want to fix the findings with an AI coding assistant (Claude, ChatGPT, Cursor, etc.), click Download fix prompts on the results page. The file contains each finding turned into a copy-pasteable prompt that describes the issue, the evidence, and the recommended fix. You can paste these directly into whichever agent you are using to build or maintain your site.

The prompts are written to be self-contained: they include the severity, a description of the problem, observed evidence, and a suggested approach, so the agent has enough context to resolve the issue without extra back-and-forth.