What does WebCheckApp scan for?

WebCheckApp runs up to 27 security scanners covering SSL/HTTPS, security headers, DNS & email security, OWASP Top 10, performance, content security, exposed files, open ports, TLS cipher strength, privacy & GDPR compliance, malware & reputation, accessibility, and more.

Is WebCheckApp free to use?

The Quick Scan is completely free — no account required. It covers 5 core security categories. For a deeper analysis with OWASP Top 10, malware detection, and 20+ more scanners, Pro Scan is available for €9.99 and Deep Scan for €29.99 per scan.

What is the difference between Quick, Pro, and Deep Scan?

Quick Scan (free) runs 5 basic scanners: SSL, headers, DNS, performance, and content. Pro Scan (€9.99) adds 15 more scanners plus an OWASP Top 10 analysis and PDF report. Deep Scan (€29.99) includes everything in Pro plus 7 advanced penetration-style checks like directory discovery, XSS reflection testing, and HTTP method analysis.

What is the OWASP Top 10?

The OWASP Top 10 is a globally recognized standard for web application security risks, published by the Open Web Application Security Project. It covers the ten most critical security vulnerabilities including broken access control, cryptographic failures, injection attacks, and more. Our Pro and Deep scans map your results against all ten OWASP categories.

How long does a security scan take?

A Quick Scan completes in about 15 seconds. A Pro Scan takes 30-60 seconds. A Deep Scan with all 27 scanners typically finishes in 60-90 seconds. Results are displayed in real-time as each check completes.

Do I need to install anything on my website?

No. WebCheckApp scans your website from the outside, just like a visitor or search engine would. No software installation, code changes, or server access is required.

Is my website data stored or shared?

Scan results are stored so you can access your report later and compare it with future scans. We do not share your scan data with third parties. Only publicly accessible information is checked during a scan.

Can I monitor my website continuously?

Yes. Create a free account and add up to 10 sites to your monitoring dashboard. You can rescan sites at any time, track score changes over time, and get notified when your security score drops or your SSL certificate is about to expire.

How accurate are the scan results?

Our scanners check publicly accessible information using the same methods as attackers and search engines. Results are highly accurate for external security posture. However, some server-side configurations (like internal rate limiting or WAF rules) may not be fully detectable from the outside. We recommend using scan results as a starting point and consulting a security professional for internal audits.

Can I get a refund if I'm not satisfied?

If you experience technical issues with a paid scan (e.g. the scan fails to complete), please contact us and we will resolve the issue or provide a refund. Since scan results are delivered instantly, we cannot offer refunds for completed scans.

Is WebCheckApp suitable for GDPR compliance checks?

WebCheckApp includes privacy and GDPR checks in Pro and Deep scans, covering cookie consent detection, privacy policy presence, third-party tracker analysis, and cookie compliance. While this provides a good starting point, full GDPR compliance requires legal review. For comprehensive compliance audits, visit our partner BudgetPixels.nl.

Can I use WebCheckApp for client reports?

Yes. Pro and Deep scans include a downloadable PDF report with an executive summary, OWASP Top 10 analysis, and detailed findings with fix recommendations. Many agencies and freelancers use these reports for client security assessments and proposals.

What payment methods do you accept?

We accept credit/debit cards (Visa, Mastercard, American Express) and iDEAL (for Dutch bank accounts) through our secure payment partner Stripe. All payments are processed securely — we never see or store your card details.

Free quick scan - Pro & Deep scans available

Is your website
actually secure?

Scan any website in seconds. Get a detailed security report with score, grade and clear steps to fix every issue found.

SSL - Headers - DNS - OWASP Top 10 - Malware - Ports - Privacy and more

Websites scanned

Security scanners

1500+

Individual checks

Free

Quick scan

www.mvse-it.com A- 2 hours ago www.mvse-it.com A- 3 hours ago www.mvse-it.com A- 3 hours ago www.mvse-it.com A- 3 hours ago www.mvse-it.com A- 4 hours ago mvse-it.com A- 4 hours ago mvse-it.com A- 4 hours ago pn-lubuksikaping.go.id D+ 4 hours ago app.getswift.cloud C- 4 hours ago pn-padang.go.id C- 4 hours ago www.mvse-it.com A- 2 hours ago www.mvse-it.com A- 3 hours ago www.mvse-it.com A- 3 hours ago www.mvse-it.com A- 3 hours ago www.mvse-it.com A- 4 hours ago mvse-it.com A- 4 hours ago mvse-it.com A- 4 hours ago pn-lubuksikaping.go.id D+ 4 hours ago app.getswift.cloud C- 4 hours ago pn-padang.go.id C- 4 hours ago

SSL Valid

HSTS On

SPF Pass

No Malware

DMARC Pass

No Open Ports

TLS 1.3

CSP Set

Simple & fast

How it works

No installation. No account. Just type a domain and get a full security report within seconds.

Enter a domain

Paste any URL or domain name — example.com works just fine. No account or sign-up required.

Scanners run

We run up to 27 security scanners — SSL, DNS, headers, malware, exposed files, open ports, privacy, accessibility and more.

Get your report

A security score from 0–100, letter grade A+–F, and a prioritised list of issues with exact steps to fix each one.

What you get

A real security report

Every scan produces a complete, readable report you can share with your team or client.

87/100

example.com

SSL ✓ Headers ✓ DNS ✓ No Malware ✓ 2 warnings

SSL & HTTPS

Security Headers

DNS & Email

Performance

Malware & Blacklists

100

Open Ports

Privacy & GDPR

Trust & WHOIS

This is a sample report. Run a scan to see real results for your site.

Real results

From D to A+ in one afternoon

Most security issues are quick to fix once you know what they are. Here is a real example of what a single scan can uncover.

D 42

Before scan

Score: 42/100

No HTTPS redirect configured

HSTS header missing

No SPF or DMARC records

Server version exposed

.env file publicly accessible

No Content-Security-Policy

A+ 96

After fixes

Score: 96/100

HTTPS with auto-redirect enabled

HSTS with 1-year max-age

SPF + DMARC reject policy

Server header removed

.env blocked via server config

Strict CSP implemented

All fixes were implemented in under 2 hours using only the recommendations from our report.

Comprehensive

What we check

27 security, performance and privacy categories — 1500+ individual checks per scan.

SSL & HTTPS

Certificate validity, HSTS, TLS version, weak ciphers and forced redirect.

Valid certificate HSTS enabled TLS 1.3 No weak ciphers

Security Headers

HTTP response headers that protect against common browser-based attacks.

Content-Security-Policy X-Frame-Options Referrer-Policy COOP / COEP

DNS & Email

Email spoofing protection and DNS hardening for your domain.

SPF record DMARC policy DKIM selector DNSSEC CAA record

Performance

Speed, compression and discoverability checks.

Response time Gzip / Brotli robots.txt Sitemap.xml

Content & CMS

Mixed content, version leaks and open redirect vulnerabilities.

Mixed content WP version leak Admin exposure Open redirect SRI checks

Technology

Identify the full tech stack running on the site.

CMS & e-commerce JS frameworks (Astro, Qwik, Remix…) CSS frameworks CDN / WAF HTTP/2

Malware & Blacklists

Cross-referenced against multiple threat intelligence feeds.

Google Safe Browsing URLhaus Spamhaus ZEN OpenDNS

Open Ports

Detects exposed services that should never face the public internet.

MySQL / Redis / MongoDB Kubernetes API (6443) Prometheus (9090) Docker API (2375)

Exposed Files

Publicly accessible files that leak secrets or server internals.

.env file .git directory phpinfo.php Backup files

Privacy & GDPR

Cookie consent, tracking presence and privacy documentation.

Cookie consent Privacy policy Tracker detection GDPR signals

Trust & WHOIS

Domain age, registrar, expiry date and nameserver information.

Domain age Expiry date Registrar Name servers

Accessibility

Basic accessibility checks for inclusivity and usability compliance.

Alt text on images Lang attribute Viewport meta Heading structure

TLS / Cipher Suite

Deep dive into TLS protocol versions and cipher suite configuration.

TLS 1.2 / 1.3 only ECDHE ciphers Forward secrecy No weak ciphers

Robots & Crawling

Validates robots.txt rules and checks for sitemap availability.

robots.txt present Sitemap.xml Crawl rules Disallow check

API Security

Detects exposed API endpoints and common security misconfigurations.

Swagger / OpenAPI exposed GraphQL introspection OpenID Connect metadata JWKS endpoint

Carbon Footprint

Estimates the environmental impact and green hosting status of the site.

CO₂ per visit Green hosting Page weight Efficiency rating

Broken Links

Crawls the homepage and checks for broken links and redirect chains.

404 detection External links Redirect chains Anchor tags

Branding

Checks for favicon, Open Graph tags and social media presence.

Favicon Open Graph Twitter Card Apple touch icon

Subdomain Takeover

Detects dangling DNS records that could be hijacked by attackers.

CNAME dangling Vercel / Render / Railway GitHub Pages / Netlify Firebase / Fly.io

Built for everyone

More than just a scan

Tools built for developers, agencies and site owners who care about security.

PDF Export

Download a professional PDF report for your records or to share with clients and management.

Side-by-side compare

Compare two websites head to head across all categories — perfect for competitive analysis or pre/post audits.

Try compare →

Embed badge

Show your security grade on your own site with a live SVG badge that auto-updates when you rescan.

Public JSON API

Integrate scans into your own tools, dashboards or CI/CD pipelines. Free, no authentication needed.

View API docs →

Monitoring & alerts

Create free account →

GitHub Action

Add security scanning to your CI/CD pipeline. Fail the build automatically when the score drops below your threshold.

Choose your scan

Simple, transparent pricing

Start free. Upgrade when you need deeper analysis or OWASP compliance reporting.

Quick Scan

Basic security check

Free

5 security scanners
SSL, Headers, DNS, Performance, Content
No account required
OWASP Top 10 analysis
PDF report

Start free scan

Pro Scan

Complete security analysis

€9,99

per scan

20 security scanners
OWASP Top 10 analysis
Malware, Ports, Exposed Files
Privacy, Accessibility, API Security
PDF report + dashboard

Get Pro Scan

Deep Scan

Advanced penetration checks

€29,99

per scan

27 security scanners
Everything in Pro +
Directory brute-force
XSS reflection testing
Error disclosure, HTTP methods, Session, Email, Cookies

Get Deep Scan

Need more?

Professional pentest or security audit?

Our experts at BudgetPixels perform manual penetration tests, security audits with source code review, and AVG/GDPR compliance checks.

View professional services →

HTTPS encrypted

Secure payments via Stripe

GDPR compliant

Results in seconds

No data shared with third parties

Trusted by developers & agencies

What people say

Used by security-conscious teams and developers worldwide.

"We run WebCheckApp on every client site before handoff. The report is clear enough to share with non-technical stakeholders and detailed enough for our dev team."

Mark de Vries

CTO, Digital Agency

"I added the security badge to our README and pointed our sysadmin at the report. Two days later our HSTS and CSP were fixed. Couldn't have been easier."

Sarah Klement

Full-stack Developer

"Love the compare feature. We scanned our site against a competitor and found three header issues they had already fixed. Great motivation for the team."

James Okonkwo

Security Engineer

"The OWASP Top 10 report alone is worth the Pro price. We used it to pass a client security audit without hiring an external consultant. Saved us thousands."

Lisa van den Berg

Lead Developer, SaaS Startup

"I use the Deep Scan for every new client during onboarding. The PDF report looks professional enough to include in our proposals. Clients love it."

Robert Janssen

Freelance Web Consultant

"Finally a scanner that checks for things that actually matter. The health check at the top makes it easy to explain results to non-technical managers."

Anna Kowalski

IT Manager, E-commerce

Free quick scan — no account needed

Scan your website now

Find out what attackers see when they look at your site. Free quick scan in 15 seconds, or upgrade for OWASP Top 10 and deep analysis.

Or create a free account to monitor your sites and get weekly alerts.

Is your website actually secure?

How it works

Enter a domain

Scanners run

Get your report

A real security report

From D to A+ in one afternoon

What we check

SSL & HTTPS

Security Headers

DNS & Email

Performance

Content & CMS

Technology

Malware & Blacklists

Open Ports

Exposed Files

Privacy & GDPR

Trust & WHOIS

Accessibility

TLS / Cipher Suite

Robots & Crawling

API Security

Carbon Footprint

Broken Links

Branding

Subdomain Takeover

More than just a scan

PDF Export

Side-by-side compare

Embed badge

Public JSON API

Monitoring & alerts

GitHub Action

Simple, transparent pricing

Quick Scan

Pro Scan

Deep Scan

Professional pentest or security audit?

What people say

Scan your website now

Is your website
actually secure?