Loading…
Loading…
Free website security check
Find out free in seconds with a 0–100 score and a plain-English list of what to fix first. No sign-up, no card.
Scorifya watches your site every day.
Free website security check
A free 0–100 score in seconds, in plain English, with what to fix first. No sign-up, no card.
Most websites aren’t as secure as they look. See where yours lands.
Build or manage sites for clients? Scan every site you ship and hand them a clear security score.
Trusted to score real sites
Scores sites like Stripe · GitHub · Shopify · Google · GitLab · Etsy · Cloudflare · Notion, and thousands more.
More than a scanner
Start with a free score, watch a site for free, then turn on always-on monitoring when you’re ready. No lock-in at any step.
Get a 0–100 security score for any site in seconds.
Don’t scan once. Keep one site monitored, free.
Monitor every domain and catch problems early.
Bring your team into the same security view.
Scorifya Solo · 7-day free trial
$29/mo after the trial. Cancel anytime.
More than a score
A scan is a snapshot. Scorifya re-checks your site every day so you hear about a change the moment it happens.
Not ready to scan?
New exploited-vulnerability (KEV) notices and any score changes on the domains you choose to watch, one email a week. One click to unsubscribe.
By subscribing you confirm you can receive transactional security updates from Scorifya at this email.
Six common website security risks, why each one matters, and how a Scorifya scan checks your site for them, backed by published research.
In plain terms: is your site served securely, can attackers impersonate your email, and is anything exposed that shouldn’t be? We grade six areas and roll them into one 0–100 score. The technical detail is below if you want it.
Certificate validity and expiry horizon, weak public-key sizes, cipher quality, TLS 1.0/1.1 acceptance, and HTTP→HTTPS redirect coverage.
HSTS (plus live preload-list verification), fine-grained CSP grading (unsafe-inline, unsafe-eval, wildcards, object-src, report-only), X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP, CORP, and third-party script SRI coverage.
security.txt (RFC 9116), robots.txt analysis, verbose server banners, directory listings, sensitive path probes, origin-IP exposure behind CDN/WAF, and a passive tech-stack fingerprint.
Secure / HttpOnly / SameSite on session-like cookies when visible in response headers.
SPF, DMARC (with parent-domain heuristic), common DKIM selectors, MX, CAA, MTA-STS, TLS-RPT, BIMI, DNSSEC validation, Certificate Transparency log discovery, and subdomain-takeover detection, no port scan.
Installer and setup-config endpoint exposure, REST user enumeration (/wp-json/wp/v2/users), XML-RPC, and readme.html version disclosure.
Full methodology: How Scorifya works , published category weights, per-finding penalties, and the boundaries of a public scan.
Scorifya Solo · 7-day free trial
A scan tells you where you stand today. Solo keeps watching, so you hear about a dropped score, an expiring certificate, a spoofed sender, or a new blocklisting before your customers do.
Scorifya Controls
Self-hosted. Flat fee. 38 automated checks mapped to both AICPA TSC 2017 and PCI DSS 4.0.1, 28 manual controls with evidence tracking, running on your own infrastructure with no per-seat licensing.
Free · no signup
Ten focused tools. Most run the same engine as the full score, narrowed to one question. One adds a passive attack-surface map. Use them à la carte, or run the complete scan above.
Web hardening
Email & domain
All ten live at /tools.
Free · share it
Every scan comes with an embeddable badge that shows your live score and links back. Drop it on your site, docs, or README, good security markets itself.
One line to embed
<a href="https://www.scorifya.com/scan/yourdomain.com">
<img src="https://www.scorifya.com/badge/yourdomain.com.svg"
alt="Website security score" width="200" height="40" />
</a>Standalone checkers, deploy-ready hardening recipes, and the live KEV vulnerability feed.
How we differ from deep TLS graders, browser-focused posture tools, and header-only checkers: read the comparison.
Jump straight to the most common security questions people Google, with the same scan tool embedded.
New scans, quick security tips, and a weekly leaderboard of real sites. Pick your platform.