Free tool · no pentest

Website security
check. Free.

Enter a URL: Orilyt tests the public security signals — HTTPS, SSL certificate, protection headers, exposed WordPress version. Instant result, no sign-up.

Non-intrusive analysis: no intrusion testing, only publicly observable signals.

Nearly 1 in 2 European websites sends no HSTS header, and almost 3 in 4 have no Content-Security-Policy — Orilyt 2026 Barometer, 19,901 websites measured.

What does this free security check verify?

This tool gives an instant overview of a site's security hygiene, based on signals any browser can observe — without ever attacking the site or attempting an intrusion:

It's a starting point, not a full audit. A real diagnosis also checks outdated components and dependencies, exposed entry points and admin interfaces, accessible sensitive files, the IP address's reputation, and dozens of other points.

Is this a penetration test (pentest)?

No. A pentest simulates real attacks (SQL injections, XSS…) and requires the site owner's authorization. This tool only reads public signals — it's instant, free, and risk-free for the site being analyzed.

Quick snapshot ≠ full audit

Headers and the certificate are only the surface. Most compromises come through an outdated component, an admin interface open to brute-force attacks, an exposed configuration file or an enumerable admin account — all invisible from the homepage.

Orilyt goes further: more than 80 checkpoints covering security, performance, SEO, accessibility and compliance, in a clear, actionable report. The first audit is free.

Frequently asked questions

Is the tool really free and sign-up free?

Yes. The security snapshot is free and instant. The full audit (80+ checkpoints) is also free for a first try.

Is it legal to analyze a site I don't own?

Yes: the tool only consults public information (HTTP headers, certificate, homepage), exactly like a browser. It performs no intrusion or offensive testing.

Does a good result mean my site is secure?

No — it's a necessary condition, not a sufficient one. Correct headers don't prevent a vulnerable plugin or a weak password. For a real assessment, run the full audit.

Why the focus on WordPress?

WordPress powers more than 4 in 10 websites and concentrates most web attacks. Orilyt analyzes it in depth, while also auditing non-WordPress sites.