Security Scanner
SSL / headers / CSP audit
About Security Scanner
Security Scanner performs a fast, non-invasive audit of any public tourism website — hotel, villa booking engine, DMO portal — and flags the issues that matter most for trust and compliance. It reads TLS configuration, HTTP security headers (HSTS, CSP, X-Frame-Options, Referrer-Policy), cookie flags, mixed-content warnings, and outdated protocol exposure.
No credentials are required. The scanner acts as a public visitor, which means results reflect what a real user, a real search engine, and a real attacker probing public surface would see. It won't catch SQL injection or application-level bugs, but it will catch the 80% of issues that are quick wins on Trustpilot, GDPR, and booking-engine certification checklists.
Designed for the non-specialist: every warning includes a plain-English explanation of the risk, the standard it violates, and the concrete change (usually a header value or TLS setting) that fixes it.
What it does
- TLS / SSL certificate and protocol audit (TLS 1.2+, HSTS preload)
- Security-header check (CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy)
- Cookie flag review (Secure, HttpOnly, SameSite)
- Mixed-content detection on HTTPS pages
- Plain-English remediation notes — no security background required
Frequently asked questions
Is this a penetration test?
No. It's a passive, non-invasive audit of public surface. A real pen-test involves authorised deep probing; this tool catches the configuration issues that typically come first in any audit report.
Do I need permission to scan?
The scanner only reads what any public visitor sees. Scan your own properties and client sites with appropriate agreements; avoid scanning third-party sites without authorisation.
Will it catch GDPR cookie consent issues?
It flags missing cookie flags and third-party trackers set before consent — partial but useful coverage. Full consent auditing needs a dedicated tool; this is a strong first screen.
Can I schedule repeat scans?
Scheduled recurring scans are on the roadmap. Today you run on demand.
Does the scan affect my server load?
Negligible — a few HTTPS requests and a TLS handshake inspection. Fewer hits than one search engine crawl.
Ready to try Security Scanner?
Hotel IT managers, DMO digital leads, and agency CTOs auditing tourism websites.