Website Security Test

  • GDPR & PCI DSS Test
  • Website CMS Security Test
  • CSP & HTTP Headers Check
  • WordPress & Drupal Scanning
Free online tool to test website security
129,204,659websites tested for security

ImmuniWeb Community Edition - Website Security Test

The Website Security Test is a free online tool to perform web security and privacy tests:

  • Non-intrusive GDPR compliance check related to web application security.
  • Non-intrusive PCI DSS compliance check related to web application security.
  • Analysis of CMS and its components for outdated versions and publicly-known vulnerabilities.
  • Analysis of HTTP methods that may put web server, web application or website visitors at risk.
  • Detailed analysis (syntax, validity, trustworthiness) of HTTP security headers:
    • Server
    • Strict-Transport-Security (also known as HSTS)
    • X-Frame-Options
    • X-Powered-By
    • X-Content-Type-Options
    • X-XSS-Protection
    • X-AspNet-Version
    • Content-Security-Policy (also known as CSP)
    • Access-Control-Allow-Origin
    • Content-Security-Policy-Report-Only
    • Referrer-Policy
    • Permissions-Policy
  • Analysis of altered, and thus potentially malicious, JS libraries.
  • Analysis of ViewState for misconfigurations and security weaknesses.
  • Analysis of web application cookies for security flags.
  • Detection of domain’s presence in various Blacklists.
  • Detection of Cryptojacking within JS code.
  • Detection of WAF presence.

References & How-To's

Acknowledgements

The following security experts helped us improve this free product:

  • Alex H.
  • Anik, Store Republic
  • Doug Nelson
  • Freddie Leeman
  • Gunnar Schwant
  • Ibtihaaj Khurram
  • Joseph Guay, Korem Geospatial
  • Kelley Hugh, Sompo International

IP Ranges

IP ranges of our outbound servers are:

  • 192.175.111.224/27
  • 64.15.129.96/27
  • 70.38.27.240/28
  • 72.55.136.144/28
  • 72.55.136.192/28
  • 108.163.142.208/28
  • 209.172.38.160/27