Scan any website for security vulnerabilities in seconds — HTTPS enforcement, missing security headers, cookie flags, and 15+ other critical signals. Free, no login required.
No account required. Results in under 60 seconds.
SiteReveal checks every HTTP response header and security configuration that affects your site's vulnerability profile.
Verifies HTTPS is enforced and checks TLS version (TLS 1.2+ required; TLS 1.0/1.1 are deprecated).
Checks for a CSP header — the primary defence against cross-site scripting (XSS) attacks.
HTTP Strict Transport Security forces browsers to use HTTPS and prevents protocol downgrade attacks.
X-Frame-Options prevents your site from being embedded in iframes on other domains, which stops clickjacking attacks.
Checks that session cookies have Secure, HttpOnly, and SameSite flags set correctly.
Referrer-Policy controls how much referrer information is sent with requests, protecting user privacy and internal URLs.
The full SiteReveal WIS™ report covers security, performance, SEO, technology stack, accessibility, and conversion — with an AI-generated remediation plan and a branded PDF report.
SiteReveal checks HTTPS enforcement, TLS version, Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and cookie security flags (Secure, HttpOnly, SameSite).
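A passive check of the headers and cookie flags listed above can be reproduced on any captured response. The following is an added example, not SiteReveal's own code: the function names, finding strings and sample response are constructed for illustration, and it assumes every cookie passed in is a session cookie.

```python
# Added example (not SiteReveal's code): audit already-captured response headers.
REQUIRED = ["Content-Security-Policy", "Strict-Transport-Security", "X-Frame-Options",
            "X-Content-Type-Options", "Referrer-Policy", "Permissions-Policy"]

def cookie_findings(raw):
    """Check one raw Set-Cookie value for Secure, HttpOnly and SameSite."""
    parts = [p.strip() for p in raw.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for p in parts[1:]:
        key, _, value = p.partition("=")
        attrs[key.strip().lower()] = value.strip().lower()
    out = [f"cookie {name}: missing {flag}"
           for flag in ("Secure", "HttpOnly", "SameSite") if flag.lower() not in attrs]
    # Browsers reject SameSite=None cookies that are not also Secure.
    if attrs.get("samesite") == "none" and "secure" not in attrs:
        out.append(f"cookie {name}: SameSite=None requires Secure")
    return out

def audit_headers(headers, set_cookies):
    """headers: dict of response headers; set_cookies: list of raw Set-Cookie values."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    csp = h.get("content-security-policy", "").lower()
    findings = []
    for name in REQUIRED:
        if name.lower() in h:
            continue
        # A CSP frame-ancestors directive covers the clickjacking case without X-Frame-Options.
        if name == "X-Frame-Options" and "frame-ancestors" in csp:
            continue
        findings.append(f"missing {name}")
    if "strict-transport-security" in h:
        directives = dict(d.strip().lower().partition("=")[::2]
                          for d in h["strict-transport-security"].split(";"))
        age = directives.get("max-age", "").strip('"')
        if not age.isdigit() or int(age) == 0:  # max-age=0 switches HSTS off
            findings.append("Strict-Transport-Security max-age is missing or 0")
    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    for raw in set_cookies:
        findings.extend(cookie_findings(raw))
    return findings

# Constructed sample response, for illustration only.
SAMPLE_HEADERS = {"Strict-Transport-Security": "max-age=0",
                  "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
                  "X-Content-Type-Options": "nosniff"}
SAMPLE_COOKIES = ["sid=abc123; Path=/; HttpOnly; SameSite=None"]

if __name__ == "__main__":
    print("\n".join(audit_headers(SAMPLE_HEADERS, SAMPLE_COOKIES)))
```

A header being present does not mean its policy is strong; this only covers presence and the few value checks shown.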
Yes. All checks are passive — SiteReveal reads publicly available HTTP headers and page content. No credentials or access are required.
HTTPS is necessary but not sufficient. Many sites with HTTPS are still missing critical security headers like CSP and HSTS, which protect against XSS attacks, clickjacking, and protocol downgrade attacks.
The full SiteReveal report includes an AI-generated remediation plan with specific code snippets and configuration examples for each issue. For agencies, the branded PDF report can be sent directly to clients.