
Empowering Website Security: Safeguard Your Digital Presence and Stay Ahead of the Curve.

Security scans

We not only validate businesses thoroughly, but also prioritize website security. Our comprehensive security scans identify vulnerabilities and potential threats on merchants’ websites. By proactively addressing these issues, our merchants can safeguard customer data, enhance online security, and protect their brand reputation.

Get certified

Our Security offering is designed to give our customers the peace of mind to do business online confidently. With Truly Legit, our vetting process ensures a Truly Secure certification with monthly monitoring and site scanning to ensure you and your website are continuously held to our standard of security.

Through our user interface, customers can easily view scan results and access tools to combat any detected vulnerabilities.

Our technology scans for and detects potential security threats, allowing us to take proactive measures to prevent breaches.

— Features

  • Monthly assessments and scans
  • Company monitoring
  • Essential personnel validation
  • Website security dashboard
  • Initiate security scans anytime
  • Historical and present scan results

Types of scans

How we help you combat your site’s security vulnerabilities

Truly Legit offers a multitude of different security scans that all work collectively to give you…

For in-depth descriptions of each scan, please go to the following link

— Scans

  • Anti-clickjacking Header
  • Application Errors
  • Big Redirect Detected (Potential Sensitive Information Leak)
  • Cache Control
  • Charset Mismatch
  • Content Security Policy (CSP) Header Not Set
  • Content Type Missing
  • Cookie HttpOnly
  • Cookie – Loosely Scoped
  • Cookie Poisoning
  • Cookie Secure Flag
  • Cookie Without SameSite Attribute
  • Cross Domain Script Inclusion
  • Cross Domain Misconfiguration
  • CSP (Content Security Policy)
  • CSRF Countermeasures
  • Directory Browsing
  • Hash Disclosure
  • Heartbleed OpenSSL Vulnerability (Indicative)
  • HTTP Server Response Header
  • HTTP to HTTPS Insecure Transition in Form Post
  • HTTPS to HTTP Insecure Transition in Form Post
  • Information Disclosure: Debug Errors
  • Information Disclosure: In URL
  • Information Disclosure: Referrer
  • Information Disclosure: Suspicious Comments
  • Insecure Authentication
  • Insecure JSF ViewState
  • Mixed Content
  • Modern Web Application
  • Open Redirect
  • PII Disclosure
  • Private Address Disclosure
  • Retrieved from Cache
  • Reverse Tabnabbing
  • Server Leaks Information via “X-Powered-By” HTTP Response Header Field(s)
  • Session ID in URL Rewrite
  • Strict Transport Security Header
  • Timestamp Disclosure
  • User Controllable Charset
  • User Controllable HTML Element Attribute (Potential XSS)
  • User Controllable Javascript Event (XSS)
  • Username Hash Found
  • X-AspNet-Version Response Header
  • X-Backend-Server Header Information Leak
  • X-ChromeLogger-Data Header Information Leak
  • X-Content-Type-Options
  • + More!

Get yours

Other products included with your subscription


Our trusted badges of approval help to build customer trust, making it easier for visitors to engage with your website and driving growth over time.

Certifications & badges


Get a comprehensive understanding of your website’s performance to enhance business planning & monitoring with ease.


Check out our pricing plans and start unlocking your sales today

Pricing plans

Gain customer trust and boost sales with our certification solution

Get certified now!