Question 1

Is the security audit safe to run on my site?

Accepted Answer

Yes. The audit is passive — it only reads publicly observable information (HTTP response headers, TLS handshake, public DNS records, rendered HTML). No SQL injection probes, no XSS payloads, no port scans. It will not trigger your WAF or intrusion detection system.

Question 2

How long does a scan take?

Accepted Answer

Typically 10 to 20 seconds. The audit runs all fetches in parallel (homepage, robots.txt, security.txt, TLS handshake, DNS lookups) and queries the NVD vulnerability database for detected software versions with results cached for 24 hours.

Question 3

What does it cost?

Accepted Answer

10p per scan, deducted from your account credit balance. No subscription required. Account creation is free.

Question 4

What does the audit check?

Accepted Answer

23 checks across 9 families: HTTP security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy), TLS configuration (validity, expiry, protocol), cookie security flags (Secure, HttpOnly, SameSite), mixed content, server fingerprinting, known CVEs via NIST NVD, CMS detection, mail security DNS (SPF, DMARC, DKIM) and robots.txt / security.txt presence.

Question 5

How do I fix the findings?

Accepted Answer

After your audit, see the platform-specific fix guides at /aipageseo-demo-pages/security-audit-fixes-index.html for Plesk, WordPress and other servers, plus beginner and expert walkthroughs.

🛡 Website Security Audit

Sign in