Website Security Test

  • GDPR & PCI DSS Test
  • Website CMS Security Test
  • CSP & HTTP Headers Check
  • WordPress & Drupal Scanning
Free online tool to test website security
129,202,251websites tested for security

Free API

ImmuniWeb Community Edition provides a free API for the Website Security Test. It shares the number of tests performed via web interface.

Account typeTests per dayMonthly subscription
No Account10Free
Free Account20Free

Premium API

ImmuniWeb Community Edition also provides a premium API for a higher number of tests via API or web interface:

Select packageTests per dayMonthly subscription
The number of API requests will be available via web interface under your account
The number of API requests will be shared among all users with the same domain name as your account
Total: $199
Get in touch for details.

Public schools, local governments and non-for-profit organizations may request a free access to the premium API.

API Documentation

API Specifications

Field NameValue
Request TypePOST
URL[ustamp].html - where "ustamp" is an arbitrary UNIX time-stamp (must be an integer). Such construction is done to prevent caching on client side.

POST Data Specification

Field NameValue
api_key secret token which you submit alongside with the request
tested_urlthe URL of the domain to be tested.
dnsr"on" means that test results will be hidden, "off" means that test results will be displayed in statistics.
choosen_ipIP address of tested server (if tested domain resolves to multiple addresses).
recheck"false" will either use the results from the cache, or start a new test if the target has never been scanned.
"true" will start a new test without checking the cache. Please note that you will also need to supply an API key to successfully make the request.
tokenvalue of the token sent by the server if the tested domain is resolved into several IP addresses.

Example of Transaction Using CURL

New test (not cached)
curl -d "" ""
"job_id": "2a9e1f1bc92dc0c7a4bde930dff488771eea6d36988208d34163c5496227b8dc",
"status": "test_started",
"status_id": 1,
"message": "Test has started"
curl -d "job_id=2a9e1f1bc92dc0c7a4bde930dff488771eea6d36988208d34163c5496227b8dc" ""
"job_id": "2a9e1f1bc92dc0c7a4bde930dff488771eea6d36988208d34163c5496227b8dc",
"status": "in_progress",
"status_id": 2,
"message": "Your test is in progress"
New test (cached)
curl -d "" ""
"test_id": "c84936eef26eeb8aaef5ffc43f38ddb91adfd90ac27fb416bd0b21fe2edb1004",
"status": "test_cached",
"status_id": 3,
"message": "Test is cached"
curl -d "id=c84936eef26eeb8aaef5ffc43f38ddb91adfd90ac27fb416bd0b21fe2edb1004" ""
{ ... }
Example with error
curl -d "tested_url=" ""
"error": "Domain name was resolved in an invalid IP address",
"error_name": "invalid_ip_resolved",
"error_id": 16
Download PDF
curl -d "api_key=your_api_key""" > report.pdf