Website Security Check - Free Online Tool
Why Website Security Matters
Website security is not just about preventing hacks - it affects user trust, search rankings, and legal compliance. Google marks HTTP sites as "Not Secure" in Chrome, and HTTPS is a confirmed ranking signal. Visitors who see security warnings leave immediately, costing you traffic and conversions.
Even simple websites need basic security measures. If you collect any user data - emails, form submissions, payments - security is a legal obligation under GDPR and similar regulations.
Essential Security Checks
HTTPS and SSL Certificate
HTTPS encrypts data between the browser and server, preventing interception. Every website should use HTTPS - free certificates from Let's Encrypt make cost a non-issue. Website Grader verifies that your site loads over HTTPS and that the certificate is valid.
Security Headers
HTTP security headers tell browsers how to handle your content securely. Website Grader checks for six critical headers:
X-Content-Type-Options prevents MIME type sniffing attacks.
X-Frame-Options blocks clickjacking by controlling iframe embedding.
Strict-Transport-Security (HSTS) forces HTTPS connections.
Content-Security-Policy (CSP) prevents XSS and injection attacks.
Permissions-Policy controls browser feature access.
Referrer-Policy manages how much referrer information is shared.
Mixed Content
Mixed content occurs when an HTTPS page loads resources (images, scripts, stylesheets) over HTTP. This breaks the security chain and triggers browser warnings. Website Grader scans all resources on your page to detect mixed content issues.
Information Disclosure
Response headers such as X-Powered-By and Server reveal technology details that attackers can exploit. Website Grader flags these exposed headers and recommends removing or obfuscating them.
Advanced Security Signals
Subresource Integrity (SRI)
When you load scripts from CDNs or third parties, SRI hashes let the browser verify that the file has not been tampered with. If an attacker compromises a CDN, SRI prevents the modified script from executing on your site.
Cookie Security
Cookies should use the Secure flag (HTTPS only), HttpOnly flag (no JavaScript access), and SameSite attribute (CSRF protection). Website Grader checks cookie attributes to identify insecure configurations.
How Security Affects SEO
Google has explicitly stated that HTTPS is a ranking signal. Beyond that, browser security warnings increase bounce rates, mixed content can prevent proper indexing, and poor security practices can lead to your site being flagged or delisted.
Security accounts for 15% of your overall Website Grader score - equal to mobile friendliness - reflecting its dual importance for protection and search visibility.
Quick Security Wins
Enable HTTPS with a free Let's Encrypt certificate. Add security headers - most web servers and CDNs let you configure them in minutes. Remove X-Powered-By headers. Audit your page for mixed content and update all resource URLs to HTTPS. Set Secure and HttpOnly flags on cookies.
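The security header, information disclosure and cookie checks described above can be reproduced locally against any captured response. The Python code below is an added example, not Website Grader's own code; the function name audit_headers, the finding strings and the sample headers are constructed for illustration. It goes one step beyond presence checks by also validating the nosniff value and the HSTS max-age.

```python
import re

REQUIRED = (
    "x-content-type-options", "x-frame-options", "strict-transport-security",
    "content-security-policy", "permissions-policy", "referrer-policy",
)
DISCLOSING = ("server", "x-powered-by")
COOKIE_ATTRS = ("secure", "httponly", "samesite")

# Constructed sample: (name, value) pairs, the shape http.client's getheaders() returns.
SAMPLE = [
    ("Server", "nginx"),
    ("X-Powered-By", "PHP"),
    ("Strict-Transport-Security", "max-age=0"),
    ("X-Content-Type-Options", "nosniff"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
    ("Set-Cookie", "sid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Secure; HttpOnly; SameSite=Lax"),
]


def audit_headers(headers):
    """Return a list of findings for one response's (name, value) header pairs."""
    findings = []
    seen = {name.lower(): value for name, value in headers}
    findings += [f"missing header: {h}" for h in REQUIRED if h not in seen]
    findings += [f"discloses technology: {h}" for h in DISCLOSING if h in seen]
    # Presence is not enough: validate two values that are easy to get wrong.
    if seen.get("x-content-type-options", "nosniff").strip().lower() != "nosniff":
        findings.append("x-content-type-options is not 'nosniff'")
    hsts = seen.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
        if not m or int(m.group(1)) == 0:  # max-age=0 switches HSTS off
            findings.append("strict-transport-security has no positive max-age")
    for name, value in headers:  # a response may carry several Set-Cookie headers
        if name.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
        findings += [f"cookie {cookie}: no {a}" for a in COOKIE_ATTRS if a not in attrs]
    return findings


if __name__ == "__main__":
    for finding in audit_headers(SAMPLE):
        print(finding)
```

An empty list means every check passed; each finding maps directly to one of the fixes listed above.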