FrameRadar working title

Scan a website URL for visible stack and security signals.

FrameRadar starts with a passive, URL-only scan: headers, redirects, cookies, public technology hints, and common browser security headers. It does not log in, test private code, or run exploit checks.

Save the result as an application when you are ready to track changes over time. Connected monitoring is the next step for richer application events and alerts.

Public scans reject localhost, private networks, internal hostnames, and non-web schemes.

What the free scan checks

  • HTTP status, final URL, and redirects
  • Response headers and visible security headers
  • Cookies and simple public technology hints
  • Basic framework evidence when the site exposes it

What connected monitoring adds

  • Saved applications and scan history
  • Application API keys for event ingestion
  • Alerts from high-severity connected events
  • A clearer timeline than a one-off URL scan

Who it is for

  • Founders checking a public production site
  • Developers reviewing deployment posture
  • Small teams that need lightweight visibility
  • Agencies handing off basic security context

Start with the public signals.

Run a URL scan now, then save the application when you want history, events, and alerts in one place.

Scan a URL