About
In April 2026, SecurityHeaders.com shut down its API — the free tool that thousands of pentesters and developers used to programmatically check HTTP security headers. The replacement options were either expensive SaaS platforms or half-broken open source projects.
WebAudit started as a personal tool to fill that gap. It does what SecurityHeaders.com did, and more — TLS certificate analysis, DNS email security (SPF, DMARC), cookie flag auditing, and a client-ready PDF report that you can hand to a CTO without embarrassment.
I'm Abhishek Patel, a freelance pentester and developer based in India. I built WebAudit because I needed it for my own client work, and because the existing alternatives were either too expensive or required accounts and credit cards for basic scans.
WebAudit is a solo project — no VC funding, no team, no growth hacks. Just a tool that does what it says.
Found a bug? Want a feature? Have a scan that returned wrong results? Email hello@webaudit.in — I read every message.
For API access and PDF exports, see the Plans page — checkout is automatic and routes to the right payment option for your location.