Question 1

What does a web security audit check?

Accepted Answer

A web security audit checks DNS records (A, AAAA, MX, NS, TXT, CNAME), email security (SPF, DKIM, DMARC, BIMI), Subresource Integrity (SRI), mixed content warnings, form security (action TLS, password autocomplete, CSRF tokens), iframe sandbox/allow attributes, base tag injection, HTML comments for sensitive data leaks, Content-Security-Policy meta tags, technology stack detection, and page metadata (title, OG tags).

Question 2

How does the Web Auditor work?

Accepted Answer

Enter any URL and click Run Audit. The tool queries DNS-over-HTTPS for network-level data, then fetches the page HTML via a privacy proxy for body-based security checks. Results are displayed in a prioritized report with a security score from A+ to F.

Question 3

Is the Web Auditor safe to use?

Accepted Answer

Yes. The Web Auditor runs entirely in your browser. DNS queries use Cloudflare DNS-over-HTTPS (encrypted). The HTML fetch goes through a privacy proxy that only retrieves the page body. No data is stored on any server.