we scan your site's security headers, fingerprint the tech stack, audit cookies, check DNS records, and give you a ready-to-paste fix config. all free, all in your browser.
no scans yet — run your first scan above and results will show up here.
poopSec is a free, zero-BS web security scanner built because most security tools out there are too expensive, too complicated, or just plain boring. we wanted something that tells you what's actually wrong — in plain english — and helps you fix it without making you feel like an idiot.
it checks security headers, fingerprints your tech stack, audits cookie flags, checks DNS email security records (SPF, DMARC), detects information leakage, scans for SRI (Subresource Integrity) on external scripts, checks for mixed content, probes exposed subdomains, and generates a ready-to-paste nginx/Apache/Express config to fix everything. all client-side, all private — we literally can't see your scans.
think of it as a brutally honest friend who happens to know a lot about web security and won't charge you $500/month for it.