Website Security Scanner for Australian Small Businesses
Quick, affordable scans that uncover hidden website threats
> At risk? Run a free scan. If issues are found, unlock your expert-grade report with code fixes - just $399
Fast & Simple
See how many security issues you have with a free basic scan. Get a full analysis & code fixes in your paid report.
One-Time Payment
Just $399 for a full security report. No subscriptions, no hidden fees — just peace of mind.
No Tech Skills Needed
Enter your website URL — we scan it, and you download the full report with code fixes instantly. No tech skills needed.
Our Comprehensive Security Scan. 50+ threats analysed.
SSL/TLS Security
We examine certificate expiration, protocol versions, and redirection configuration.
- Certificate expiration detection
- Insecure protocol identification
- HTTP to HTTPS redirection
- HSTS header presence
Security Headers
We check for the presence and configuration of HTTP security headers.
- Content-Security-Policy presence
- X-Frame-Options configuration
- X-Content-Type-Options header
- Strict-Transport-Security setting
- X-XSS-Protection header
- Referrer-Policy configuration
Cookie Security
We analyse cookie attributes and configurations in HTTP responses.
- Secure flag presence
- HttpOnly flag detection
- SameSite attribute check
- Cookie expiration analysis
- Cookie prefix examination
Exposed Files
We attempt to access files that should be protected from public access.
- Environment file detection
- Git repository file access
- Configuration file exposure
- Backup file presence
- Server information exposure
- Directory listing detection
OWASP Vulnerabilities
We examine HTML patterns for indicators of common security issues.
- Form validation patterns for XSS
- CSRF token presence in forms
- URL parameter examination
- Cookie security configuration
- Directory access attempts
- JavaScript library version checks
Exposed Secrets
We search for patterns that match credentials in client-accessible code.
- API key pattern detection
- Credential string identification
- Database connection string patterns
- JWT token presence
- Access token pattern matching
- Environment variable exposure
WordPress Security
For WordPress sites, we check specific WordPress security configurations.
- WordPress version identification
- Known vulnerable plugin detection
- Configuration file accessibility
- XML-RPC endpoint security
- Login endpoint protection
- Information file exposure
Supabase Security
We identify Supabase implementations and check key exposure risks.
- Anon key pattern detection
- Row-Level Security indicators
- Error handling pattern checks
- Access control indicators
- Database credential pattern detection
Stripe Integration
We check for secure Stripe implementation patterns.
- API key pattern detection
- HTTPS protocol with Stripe.js
- Webhook signature pattern checks
- Test key detection in production
API Security
We examine API response headers for security configurations.
- Rate limiting header presence
- Rate limit parameter detection
- Reset period header analysis
- Retry-after header checks
- Security-related API headers
Disclaimer: SafeCheck.au is an automated security scanning tool designed to identify common security vulnerabilities at the time of scanning. Security issues may arise between scans or may not be detectable by our automated tools.
This service is provided "as is" without warranty of any kind. SafeCheck.au is not a replacement for a comprehensive security program or professional penetration testing. We recommend implementing additional security measures and regular testing for mission-critical applications.