// AI vulnerability scanner
Website Vulnerability Scanner & AI Countermeasures
A passive, non-invasive posture scan — security headers, TLS, cookies, email authentication (SPF/DMARC), server disclosure, and exposed-path misconfigurations — each paired with a concrete fix. No payloads are ever sent; this is the same kind of check a site owner runs on their own site.
Need to scan more sites?
Free includes 1 scan/month. Pro unlocks 100 scans/month plus the rest of the premium toolkit.
See Pro plans →Frequently asked questions
What does the vulnerability scanner check?
It passively reviews HTTP security headers, TLS/certificate posture, cookie flags, email authentication (SPF/DKIM/DMARC), and common exposure signals — then ranks the findings by risk.
Is the scan safe and passive?
Yes. It reads publicly available responses and configuration; it does not attack, exploit, or modify the target. You must confirm you own or are authorized to scan the site.
How many free scans do I get?
One scan per month is free. Pro raises the limit to 100 scans per month with history and exports.
What are AI countermeasures?
For each finding, the scanner can produce prioritized, plain-English remediation steps and copy-paste configuration so you can fix the highest-risk issues first.