PACAVITA

Free security check

Does your website have the same
weaknesses that caused
real data breaches?

Five attack surfaces checked. Every finding mapped to a real documented breach with the company name, the fine, and the ICO or SEC filing reference. Not theoretical risk — things that actually happened.

Checks 5 attack surfaces: HTTP headers, exposed files, email spoofing, third-party trackers, and cookie security. Every finding mapped to a real documented breach. Free. No signup.

Five attack surfaces

What the scan checks

🔒

HTTP Security Headers

HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy. Six headers that activate your browser’s built-in defences.

📂

Exposed Files

.env, .git, wp-admin, backups, debug endpoints. 12 paths that should never be publicly accessible. Response body validation eliminates false positives.

✉️

Email Spoofing

SPF, DKIM and DMARC DNS records. Without these, anyone can send emails that appear to come from your domain.

📡

Third-Party Trackers

Analytics, session recording, ad pixels, chat widgets. 11 known trackers detected by name. Each one is a data leak and a GDPR question.

🍪

Cookie Security

HttpOnly, Secure and SameSite flags on every cookie set on initial page load. Missing flags mean stolen sessions.

📋

Breach Precedents

Every finding is mapped to a real documented breach — company name, year, fine, ICO/SEC filing reference. Not theoretical risk.

Passive scan only. No exploitation, no payload injection, no authentication bypass. We check what\u2019s publicly visible.

Free Website Security Check | Pacavita | Pacavita