Website Security Test: About

Test your website security vulnerabilities, privacy issues, GDPR and PCI DSS compliance
Free online tool with PDF report
  • Web Software Detection
  • Website Privacy Check
  • Website Vulnerability Scan
  • HTTP Headers & CSP Test
  • WordPress & Drupal Scanning
  • AI Bot Protection Test

Website Security Test

The ImmuniWeb® Community Edition is a collection of free online tools provided by ImmuniWeb SA pursuant to these Terms of Service. It is intended for small and medium businesses, municipal and local governments, colleges and universities, students and individual software engineers, as well as other entities, to help them make their applications more secure, reduce their cyber risks and improve their cybersecurity posture, data protection and privacy practices.

Website Security Test: Scope and Coverage

The Website Security Test is a free online tool to perform web security and privacy tests:

  • Non-intrusive GDPR compliance check related to web application security.
  • Non-intrusive PCI DSS compliance check related to web application security.
  • Analysis of Protection from Data Scraping.
  • Analysis of CMS and its components for outdated versions and publicly-known vulnerabilities.
  • Analysis of HTTP methods that may put the web server, the web application or website visitors at risk.
  • Detailed analysis (syntax, validity, trustworthiness) of HTTP security headers, including the information-disclosure headers Server, X-Powered-By and X-AspNet-Version, which should not reveal software versions:
    • Server
    • Strict-Transport-Security (also known as HSTS)
    • X-Frame-Options
    • X-Powered-By
    • X-Content-Type-Options
    • X-AspNet-Version
    • Content-Security-Policy (also known as CSP)
    • Access-Control-Allow-Origin
    • Content-Security-Policy-Report-Only
    • Referrer-Policy
    • Permissions-Policy
    • Cache-Control
    • Clear-Site-Data
    • X-Permitted-Cross-Domain-Policies
    • Cross-Origin-Resource-Policy (also known as CORP)
    • Cross-Origin-Opener-Policy (also known as COOP)
    • Cross-Origin-Opener-Policy-Report-Only
    • Cross-Origin-Embedder-Policy (also known as COEP)
    • Cross-Origin-Embedder-Policy-Report-Only
    • Reporting-Endpoints
  • Analysis of altered, and thus potentially malicious, JS libraries.
  • Analysis of domains from which the website fetches content.
  • Analysis of Subresource Integrity (SRI) of fetched content.
  • Analysis of ViewState for misconfigurations and security weaknesses.
  • Analysis of web application cookies for security flags.
  • Verification that DNSSEC is deployed for the domain name, so that DNS responses for it can be authenticated and their integrity checked.
  • Detection of WAF presence.
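To make the header and cookie checks in the list above concrete, here is an added example in Python that is not ImmuniWeb's scanner code: a small analyzer that takes the headers of one HTTPS response and returns finding codes for the Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Access-Control-Allow-Origin, Server/X-Powered-By and Set-Cookie checks. The finding codes, the one-year HSTS threshold and the two sample responses (WEAK_RESPONSE and HARDENED_RESPONSE) are this example's own constructions, not captured from any real site or taken from the tool's report format.

```python
import re
from typing import Dict, List

# One year in seconds, the max-age that HSTS preload lists require.
# Treating it as the minimum acceptable value is this example's assumption.
HSTS_MIN_MAX_AGE = 31_536_000


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy header into {directive: [sources]}."""
    policy: Dict[str, List[str]] = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def analyze_headers(headers: Dict[str, List[str]]) -> List[str]:
    """Return sorted finding codes for one HTTPS response.

    `headers` maps header names to the list of values seen, because
    Set-Cookie legitimately repeats; names are matched case-insensitively.
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = set()

    def first(name: str) -> str:
        return h.get(name, [""])[0]

    # Information disclosure: X-Powered-By / X-AspNet-Version should not be
    # sent at all; Server is tolerated unless it carries a version number.
    for name in ("x-powered-by", "x-aspnet-version"):
        if name in h:
            findings.add(f"{name}:disclosed")
    if re.search(r"\d", first("server")):
        findings.add("server:version-disclosed")

    # HSTS: present, long-lived and covering subdomains (RFC 6797 does not
    # fix the directive order, so search the whole value for max-age).
    hsts = first("strict-transport-security").lower()
    if not hsts:
        findings.add("hsts:missing")
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if m is None:
            findings.add("hsts:invalid-max-age")
        elif int(m.group(1)) < HSTS_MIN_MAX_AGE:
            findings.add("hsts:short-max-age")
        if "includesubdomains" not in [d.strip() for d in hsts.split(";")]:
            findings.add("hsts:no-includesubdomains")

    # CSP: script-src falls back to default-src; neither means scripts are
    # unrestricted. 'unsafe-inline' is ignored by browsers once a nonce or
    # hash is present, so it is only flagged without one.
    policy = parse_csp(first("content-security-policy"))
    if not policy:
        findings.add("csp:missing")
    else:
        script_src = policy.get("script-src", policy.get("default-src"))
        if script_src is None:
            findings.add("csp:scripts-unrestricted")
        else:
            nonce_or_hash = any(s.startswith(("'nonce-", "'sha")) for s in script_src)
            if "'unsafe-inline'" in script_src and not nonce_or_hash:
                findings.add("csp:unsafe-inline")
            if "'unsafe-eval'" in script_src:
                findings.add("csp:unsafe-eval")
            if "*" in script_src or "https:" in script_src:
                findings.add("csp:overly-broad-script-src")

    # Clickjacking: either a valid X-Frame-Options or a CSP frame-ancestors
    # directive is needed; ALLOW-FROM is obsolete and ignored by browsers.
    xfo = first("x-frame-options").strip().upper()
    if xfo and xfo not in ("DENY", "SAMEORIGIN"):
        findings.add("x-frame-options:invalid")
    if not xfo and "frame-ancestors" not in policy:
        findings.add("clickjacking:unprotected")

    if first("x-content-type-options").strip().lower() != "nosniff":
        findings.add("x-content-type-options:missing")

    # CORS: a wildcard origin combined with credentials, or a "null" origin,
    # is a misconfiguration rather than a valid policy.
    acao = first("access-control-allow-origin").strip()
    creds = first("access-control-allow-credentials").strip().lower() == "true"
    if acao == "*" and creds:
        findings.add("cors:wildcard-with-credentials")
    elif acao == "null":
        findings.add("cors:null-origin-allowed")

    # Cookie flags: Secure, HttpOnly and SameSite on every cookie set.
    for cookie in h.get("set-cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {}
        for p in parts[1:]:
            k, _, v = p.partition("=")
            attrs[k.lower()] = v.lower()
        if "secure" not in attrs:
            findings.add(f"cookie:{name}:no-secure")
        if "httponly" not in attrs:
            findings.add(f"cookie:{name}:no-httponly")
        if "samesite" not in attrs:
            findings.add(f"cookie:{name}:no-samesite")
        elif attrs["samesite"] == "none" and "secure" not in attrs:
            findings.add(f"cookie:{name}:samesite-none-without-secure")

    return sorted(findings)


# Constructed sample responses (not captured from any real site).
WEAK_RESPONSE = {
    "Server": ["Apache/2.4.41 (Ubuntu)"],
    "X-Powered-By": ["PHP/7.4.3"],
    "Content-Security-Policy": ["default-src 'self'; script-src 'self' 'unsafe-inline' https:"],
    "Access-Control-Allow-Origin": ["*"],
    "Access-Control-Allow-Credentials": ["true"],
    "Set-Cookie": ["PHPSESSID=abc123; Path=/"],
}

HARDENED_RESPONSE = {
    "Server": ["nginx"],
    "Strict-Transport-Security": ["max-age=63072000; includeSubDomains; preload"],
    "Content-Security-Policy": [
        "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; frame-ancestors 'none'"
    ],
    "X-Content-Type-Options": ["nosniff"],
    "Set-Cookie": ["__Host-session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"],
}

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, analyze_headers(resp) or ["no findings"])
```

The analyzer deliberately scores headers against each other rather than one by one: a missing X-Frame-Options is not a finding when CSP already carries frame-ancestors, and 'unsafe-inline' is not a finding when a nonce or hash makes browsers ignore it. That is the difference between a presence check and the syntax/validity analysis the list above describes.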


Acknowledgements

The following security experts helped us improve this free product:

  • Alex H.
  • Anik, Store Republic
  • Doug Nelson
  • Freddie Leeman
  • Gunnar Schwant
  • Ibtihaaj Khurram
  • Joseph Guay, Korem Geospatial
  • Kelley Hugh, Sompo International

IP Ranges

IP ranges of our outbound servers are:

  • 192.175.111.224/27
  • 64.15.129.96/27
  • 70.38.27.240/28
  • 72.55.136.144/28