AppTech Systems

Website Security Check

Is your website leaving the door open?

A free, non-intrusive health check of your site’s HTTPS, security headers, and cookie settings. We read only what a normal visit returns — no scanning or probing — and grade it in seconds.

Please only check sites you own or have permission to test. This is a passive, read-only check — no intrusive scanning is performed.

What this website security check looks at

This free checker grades the security basics every website should get right: whether your site enforces HTTPS, whether key security headers (HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy) are present, whether your cookies use Secure/HttpOnly/SameSite flags, and whether your server quietly leaks software versions that help attackers. It’s a passive, read-only check — no intrusive scanning.

These gaps matter for three reasons: protecting visitor data (a PDPA expectation in Singapore), keeping visitor trust (browsers flag insecure sites), and SEO (HTTPS is a Google ranking signal). For a deeper look at each issue and how to fix it, read our guide: Website Security for Singapore SMEs.

Website security questions, answered

Is this security check safe to run on my website?

Yes. It’s a passive, read-only check — it only inspects what a normal browser visit returns (HTTP headers, HTTPS, cookie flags). It performs no port scanning, vulnerability probing, or intrusive testing, so it’s safe and lawful to run on a site you own.

What are HTTP security headers and why do they matter?

Security headers (like HSTS, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options) tell browsers how to handle your site safely. They defend against common attacks such as cross-site scripting (XSS), clickjacking, and protocol downgrades. Missing them is one of the most common — and easily fixed — web security gaps.

Why does my website need HTTPS and HSTS?

HTTPS encrypts traffic between your visitors and your site; without it, browsers show a “Not Secure” warning and data can be intercepted. HSTS goes further by forcing browsers to always use HTTPS, preventing downgrade attacks. Both are baseline expectations today.

What is a good website security score?

Aim for an A or B. Most issues that drag a score down — missing headers, insecure cookie flags, exposed software versions — are configuration changes a developer can apply in an afternoon, without rebuilding the site.

Can AppTech fix the issues you find?

Yes. We can apply the header, HTTPS, and cookie fixes for you, and — where the deeper risk is how customer data is handled — build secure, PDPA-compliant systems. Book a free call and we’ll walk through your results.