A practical 10-step checklist every small business website owner should follow. Each step links to a free tool that checks it automatically. No registration, 100% passive.
Your website must use HTTPS everywhere. Free SSL certificates from Let's Encrypt make this a zero-cost fix. HTTPS encrypts all data in transit and is a Google ranking signal.
Use HTTPS Checker

HTTP security headers protect against XSS, clickjacking, and MIME sniffing. At minimum, implement CSP, HSTS, X-Frame-Options, and X-Content-Type-Options.
Use Security Headers Checker

Configure SPF, DKIM, and DMARC to prevent email spoofing. Without these, anyone can send email appearing to come from your domain.
Use SPF Checker

Verify your robots.txt is correctly configured. A misconfigured file can block search engines or expose private paths.
Use robots.txt Viewer

RFC 9116 defines security.txt as the standard for vulnerability disclosure. Give researchers a way to contact you about security issues.
Use security.txt Validator

Check that HTTP-to-HTTPS redirects work correctly. Broken redirects can block search engines and frustrate visitors.
Use Redirect Checker

Know what technologies your website exposes publicly. Outdated frameworks and server software are common attack vectors.
Use Tech Stack Detector

Attackers look for exposed backup files, .git directories, debug logs, and configuration files. A passive scan identifies these exposure points.
Use Website Trust Scanner

Ensure your privacy policy accurately describes what data you collect. Mismatches between your policy and actual data collection create GDPR risk.
Use AI Privacy Check

See how your website scores across all security dimensions. A 0-100 score with clear recommendations for improvement.
Use Trust Score

Get a professional Website Trust & Security Snapshot — a clear, actionable report your business can rely on.