Log in

Find website vulnerabilities
before others find them

PromoPilot Shield scans the site for vulnerabilities — headers, TLS, open files, CMS vulnerabilities, SSRF, and injections — and prepares a personal report with CVSS rating and remediation plan. Works with WordPress, Joomla, OpenCart, and custom sites.

Free check · no installation · result in a minute

What we check

Over 40 checks based on OWASP methodology — safe and without exploiting vulnerabilities.

Headers and TLS

HSTS, CSP, X-Frame-Options, certificate status, outdated protocols, cookie flags.

Leaks and open files

.git, .env, backups, phpinfo, directory listings, software and CMS version disclosure.

Injections and SSRF

Surface for XSS, SQL injections, open redirects, and SSRF (parameters loading URLs).

CMS vulnerabilities

Engine and version detection, known vulnerabilities, open admin panels, XML-RPC, user enumeration.

DNS and mail

SPF, DKIM, DMARC, CAA — domain protection against email spoofing and forgery.

AI report

Expert analysis of findings in simple terms, risk assessment for the business, and a step-by-step remediation plan.

Complete list of checks

Over 40 automated checks based on OWASP methodology — safe, without exploiting vulnerabilities.

Security HeadersHSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
TLS and certificateCertificate duration and validity, outdated TLS protocols 1.0/1.1, HTTP→HTTPS redirect, HSTS
CookiesSecure, HttpOnly, SameSite flags for cookies
Information leaks.git, .env, backups, phpinfo, server-status, directory listings, software version disclosure
CMS vulnerabilitiesEngine and version, configs (wp-config/local.xml), open installers, debug logs, XML-RPC, user enumeration, outdated versions
DNS and mailSPF, DKIM, DMARC, CAA — protection against email forgery
CORS and contentInsecure CORS, clickjacking, mixed content, vulnerable JS libraries
Injections and SSRFReflected XSS, signs of SQL injections, open redirects, SSRF surface (parameters loading URLs)
APIOpen endpoints, GraphQL, verbose errors, unauthorized access

Simple pricing

One-time checks from the overall balance or a subscription for regular monitoring.

Quick check
Free
  • Headers, TLS, cookies
  • DNS and version leaks
  • Rating A–F
Deep scan
$19
  • All checks
  • CMS vulnerabilities, SSRF, injections
  • AI report + PDF
Monitoring
Subscription
  • Regular rescans
  • Alerts about new threats
  • Certificate monitoring
Check your site