Security Scanner
15 questions in this category
Website security scanning and vulnerability detection
Our scanner checks for SSL/TLS issues, security headers (CSP, HSTS, X-Frame-Options), known vulnerabilities, outdated software, misconfigurations, XSS vulnerabilities, SQL injection risks, information exposure, authentication weaknesses, and more. We use OWASP guidelines and CVE databases.
Quick Scan: Basic security checks in under 30 seconds (SSL, headers, common issues). Standard Scan: Comprehensive analysis including vulnerability detection (2-5 minutes). Deep Scan: Full penetration-style testing with advanced checks (5-15 minutes). All scans are non-invasive and won't harm your website.
You should only scan websites you own or have explicit permission to test. Scanning websites without authorization may violate computer crime laws in your jurisdiction. Always get written permission before scanning third-party sites.
The security score (0-100) represents your website's overall security posture. 90-100: Excellent, 70-89: Good, 50-69: Fair, 30-49: Poor, 0-29: Critical. The score considers severity and quantity of issues found. Aim for 80+ for good security.
We recommend weekly scans for active websites and after any major updates. Websites handling sensitive data should be scanned more frequently. Set up regular scans to catch new vulnerabilities as they emerge.
Common SSL issues include: expired certificates, self-signed certificates, weak cipher suites, incomplete certificate chains, or mixed content (HTTP resources on HTTPS pages). Check our detailed report for specific recommendations.
Security headers are HTTP response headers that protect against common attacks. Key headers include: Content-Security-Policy (XSS protection), X-Frame-Options (clickjacking), HSTS (force HTTPS), X-Content-Type-Options (MIME sniffing). Missing headers leave your site vulnerable.
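The header checks described above can be sketched as follows. This is an added example, not the scanner's own code: the function names, the one-year HSTS threshold, the finding strings and the sample response are all assumptions made for illustration.

```python
import re
MIN_HSTS_MAX_AGE = 31536000  # assumed threshold (one year), not the scanner's

def parse_headers(raw):  # raw response head -> {lowercased name: value}
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def audit(headers):
    """Return findings for the four headers named in the FAQ answer."""
    findings = []
    csp, directives = headers.get("content-security-policy"), {}
    if csp is None:
        findings.append("content-security-policy: missing")
    else:
        directives = {d.split()[0].lower(): d.split()[1:]
                      for d in csp.split(";") if d.strip()}
        script = directives.get("script-src", directives.get("default-src", []))
        # Heuristic: a nonce or hash source makes browsers ignore 'unsafe-inline'.
        hashed = any(s.startswith(("'nonce-", "'sha")) for s in script)
        if "'unsafe-inline'" in script and not hashed:
            findings.append("content-security-policy: script 'unsafe-inline'")
    hsts = headers.get("strict-transport-security")
    m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts or "", re.I)
    if hsts is None:
        findings.append("strict-transport-security: missing")
    elif not m or int(m.group(1)) < MIN_HSTS_MAX_AGE:
        findings.append("strict-transport-security: max-age too short")
    xfo = headers.get("x-frame-options")
    # CSP frame-ancestors also covers clickjacking, so it satisfies this check.
    if xfo is None and "frame-ancestors" not in directives:
        findings.append("x-frame-options: missing")
    elif xfo is not None and xfo.upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("x-frame-options: invalid or obsolete value")
    xcto = headers.get("x-content-type-options")
    if xcto is None:
        findings.append("x-content-type-options: missing")
    elif xcto.lower() != "nosniff":
        findings.append("x-content-type-options: not 'nosniff'")
    return findings

# Constructed sample response, not captured from a real site.
SAMPLE = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-Frame-Options: ALLOW-FROM https://example.com
"""
print(audit(parse_headers(SAMPLE)))
```

A header that is present but weak is reported separately from one that is missing, since the fix differs: the first needs its value corrected, the second needs the header added to the server or application configuration.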
Yes! Our scanner detects WordPress installations and checks for outdated core, theme, and plugin versions. It also identifies common WordPress-specific vulnerabilities, misconfigurations, and security issues.
We detect major frameworks including WordPress, Laravel, Django, React, Angular, Vue.js, Node.js, PHP frameworks, Ruby on Rails, and more. Framework detection helps provide more relevant security recommendations.
Each issue in your report includes detailed remediation steps. Common fixes include updating software, adding security headers, fixing SSL configuration, removing information exposure, and implementing proper input validation. Contact support if you need help.
Yes! After scanning, you can download a PDF report or share a public link. Reports include all findings, severity levels, and recommendations. Premium users get branded reports and additional export formats.
Deep scans perform extensive checks that take time. Factors affecting scan time include: website size, server response time, number of pages, complexity of the application, and current server load. Standard timeouts are 30 minutes.
Our scans are designed to be non-invasive and lightweight. They send minimal requests and won't overload your server. However, very aggressive firewalls might temporarily block our scanner IP. Whitelist our IP if needed.
CVE (Common Vulnerabilities and Exposures) is a standardized list of known security vulnerabilities. When we find a CVE, it means a documented vulnerability exists with potential exploits. CVEs are ranked by severity (Critical, High, Medium, Low).
Free users can perform 3 Quick scans, 2 Standard scans, and 1 Deep scan per day. Paid plans offer increased limits: Basic (10/5/3), Pro (50/25/10), Enterprise (unlimited). Limits reset daily at midnight UTC.