Quick security checks — no signup required, no data stored.
Analyze HTTP security headers for any URL. Check for missing protections like CSP, HSTS, and X-Frame-Options.
Paste your code and detect leaked API keys, tokens, and credentials using 150+ secret patterns.
Verify your Supabase Row Level Security policies are properly configured and protecting your data.
Check SSL/TLS certificate validity, expiry date, issuer, and protocol configuration for any domain.
Test password strength with entropy calculation and improvement suggestions. 100% client-side.
Check SPF, DMARC, and MX records for any domain to verify email authentication and prevent spoofing.
Check if your email has been exposed in known data breaches. Find out if your credentials are compromised.
Check if a website has a valid security.txt for responsible vulnerability disclosure.
Generate Subresource Integrity hashes for scripts and stylesheets. Protect against CDN compromises.
Generate SHA-256, SHA-384, SHA-512, and SHA-1 hashes instantly. 100% client-side.
Encode and decode Base64 strings. Useful for debugging tokens and inspecting encoded data.