Audit any site's security config in seconds.
WebSec0 inspects TLS configuration, HTTP security headers and custom checks (security.txt, robots.txt). Two grades, actionable findings, copy-paste fixes — all from a single hostname.
Every protocol, every cipher
Enumerates TLS 1.0 through 1.3, plus SSLv2/SSLv3 via raw probes. Detects server vs client cipher preference and flags anything without forward secrecy or AEAD.
Certificate chain + OCSP
Parses every certificate from leaf to root, validates the chain against the system root store, parses the stapled OCSP response and checks session resumption.
Known weaknesses
Passive detection for POODLE, DROWN, BEAST, Sweet32, RC4, Heartbleed (Server-header heuristic), Lucky13 and Ticketbleed — each tied to a CVE.
HTTP headers, graded
Independent A+ → F grade for HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy and Permissions-Policy — with bonus / malus for COOP, Server leaks and weak cookies.
Custom checks
Looks for an RFC 9116 security.txt and inspects robots.txt for paths that leak the existence of sensitive admin or API routes.
Built for AI agents
Every finding is self-sufficient: title, impact and remediation inline. The full check catalog is served at /api/v1/checks for downstream agents and pipelines.
The same scan, over JSON.
Pipe a hostname in, get a grade and a list of findings. Gate a CI build on a regression or feed the result to an AI agent.
# scan a host and read the TLS grade
curl -sS https://www.websec0.com/api/v1/scan \
  -H "Content-Type: application/json" \
  -d '{"host":"github.com"}' \
  | jq '.tls.grade'
# → "A"
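One way to gate a CI build on the TLS grade, as an added example that is not WebSec0's own code. Only the scan endpoint and the .tls.grade field come from the page; the grade ladder (A+, A, A-, B through F), the function names and the 120-second timeout are assumptions. A missing or unrecognised grade fails the build instead of passing it.

```shell
#!/bin/sh
# Added example: fail-closed CI gate on the TLS grade.
# From the page: the scan endpoint and the .tls.grade field.
# Assumed: the grade ladder, function names, 120 s timeout.

# Rank a letter grade (lower is better); unknown input returns non-zero.
grade_rank() {
  case "$1" in
    A+) echo 0 ;; A) echo 1 ;; A-) echo 2 ;; B) echo 3 ;;
    C)  echo 4 ;; D) echo 5 ;; E)  echo 6 ;; F) echo 7 ;;
    *)  return 1 ;;
  esac
}

# gate_grade ACTUAL MINIMUM
# returns 0 = pass, 1 = below minimum, 2 = grade missing or unrecognised
gate_grade() {
  actual_rank=$(grade_rank "$1") || return 2
  min_rank=$(grade_rank "$2") || return 2
  [ "$actual_rank" -le "$min_rank" ] || return 1
}

# Print the TLS grade for a host, or nothing if the scan gave none.
# jq builds the request body so the hostname is always valid JSON.
scan_tls_grade() {
  jq -n --arg host "$1" '{host: $host}' \
    | curl -sS --fail --max-time 120 https://www.websec0.com/api/v1/scan \
        -H "Content-Type: application/json" -d @- \
    | jq -r '.tls.grade // empty'
}

# ci_gate HOST MINIMUM: non-zero exit status fails the pipeline step.
ci_gate() {
  grade=$(scan_tls_grade "$1") || grade=""
  rc=0
  gate_grade "$grade" "$2" || rc=$?
  case $rc in
    0) echo "PASS: $1 TLS grade $grade (minimum $2)" ;;
    1) echo "FAIL: $1 TLS grade $grade is below minimum $2" >&2 ;;
    *) echo "FAIL: no usable TLS grade for $1 (got '$grade')" >&2 ;;
  esac
  return "$rc"
}

# Usage in a pipeline step: ci_gate example.org A
```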