SiteAlertAI SiteAlertAI
⬡ Web Scan 🔒 SSL/TLS 📬 MX Record ✉ Email Header 🎣 URL Check 🌍 IP Geo
⬡ Web Scan 🔒 SSL/TLS 📬 MX Record ✉ Email Header 🎣 URL Check 🌍 IP Geo

Security Guides

Plain-English explanations of every check SiteAlertAI runs — what each one means, why it matters, and exactly how to fix it.

What Is HSTS and How Do I Enable It? HTTP Strict Transport Security forces browsers to use HTTPS. Learn what HSTS does, how the preload list works, and how to enable it safely. Content-Security-Policy Explained (and How to Fix a Weak One) A Content-Security-Policy limits where scripts and other resources can load from. Learn how to write an effective CSP and avoid unsafe-inline. Mixed Content: Why Your HTTPS Padlock Breaks Mixed content is an insecure http:// resource loaded by an https:// page. Learn the difference between active and passive mixed content and how to fix it. CAA Records: Control Which CAs Can Issue Your Certificates A CAA DNS record restricts which certificate authorities may issue certificates for your domain. Learn how to add one and why it reduces mis-issuance risk. security.txt: How Researchers Report Vulnerabilities to You A security.txt file (RFC 9116) publishes a contact for reporting security issues. Learn where to put it and what to include. Subdomain Takeover: The Dangling DNS Risk A subdomain takeover happens when a CNAME points to a de-provisioned cloud service an attacker can claim. Learn how to find and fix dangling records. TLS Cipher Strength: Forward Secrecy, AEAD and Weak Ciphers Not all TLS ciphers are equal. Learn what forward secrecy and AEAD mean, and which weak ciphers (RC4, 3DES, CBC) to disable. __Host- and __Secure- Cookie Prefixes Explained Cookie prefixes let the browser enforce that a cookie is set securely. Learn the __Host- and __Secure- rules and why they prevent cookie attacks.
SiteAlertAI · © 2026 All rights reserved · Built for security professionals and developers.
Blog Guides Privacy Terms About Contact Social

⚠ For authorised security testing only. Scanning domains you do not own may violate laws in your jurisdiction. SiteAlertAI accepts no liability for misuse. CVE data is indicative — verify with NVD.