Website Security Test

  • GDPR & PCI DSS Test
  • Website CMS Security Test
  • CSP & HTTP Headers Check
  • WordPress & Drupal Scanning
Free online tool to test website security
163,239,131 websites tested for security

ImmuniWeb Community Edition - Website Security Test

The ImmuniWeb® Community Edition is a collection of free online tools provided by ImmuniWeb SA pursuant to these Terms of Service for small and medium businesses, municipal and local governments, colleges and universities, students and individual software engineers, as well as other entities, to help them make their applications more secure, reduce their cyber risks and improve their cybersecurity posture, data protection and privacy practices.

Free Use Daily Limits

ImmuniWeb Community Edition provides free use of the Website Security Test with the following daily limits:

Account type    Tests per day    Monthly subscription
No Account      10               Free
Free Account    15               Free

For an increased number of daily tests, you can purchase an API key; its increased limits apply to the web interface as well.

Website Security Test Scope and Coverage

The Website Security Test is a free online tool to perform web security and privacy tests:

  • Non-intrusive GDPR compliance check related to web application security.
  • Non-intrusive PCI DSS compliance check related to web application security.
  • Analysis of CMS and its components for outdated versions and publicly-known vulnerabilities.
  • Analysis of HTTP methods that may put web server, web application or website visitors at risk.
  • Detailed analysis (syntax, validity, trustworthiness) of HTTP security headers:
    • Server
    • Strict-Transport-Security (also known as HSTS)
    • X-Frame-Options
    • X-Powered-By
    • X-Content-Type-Options
    • X-AspNet-Version
    • Content-Security-Policy (also known as CSP)
    • Access-Control-Allow-Origin
    • Content-Security-Policy-Report-Only
    • Referrer-Policy
    • Permissions-Policy
  • Analysis of altered, and thus potentially malicious, JS libraries.
  • Analysis of domains from which the website fetches content.
  • Analysis of Subresource Integrity (SRI) of fetched content.
  • Analysis of ViewState for misconfigurations and security weaknesses.
  • Analysis of web application cookies for security flags.
  • Verification of DNSSEC implementation to ensure the domain name's security and integrity.
  • Detection of WAF presence.

Acknowledgements

The following security experts helped us improve this free product:

  • Alex H.
  • Anik, Store Republic
  • Doug Nelson
  • Freddie Leeman
  • Gunnar Schwant
  • Ibtihaaj Khurram
  • Joseph Guay, Korem Geospatial
  • Kelley Hugh, Sompo International

IP Ranges

IP ranges of our outbound servers are:

  • 192.175.111.224/27
  • 64.15.129.96/27
  • 70.38.27.240/28
  • 72.55.136.144/28
