Fast, free tools for defenders.

No signup. No tracking dashboards. Client-side tools never send your data anywhere — paste, check, done.

live check

Security Headers Checker

Grade any site's HTTP security headers — CSP, HSTS, frame protection — with plain-English fixes.

live check

DNS Lookup

Query A, MX, TXT, SPF, DMARC and more over DNS-over-HTTPS. Includes one-click email-auth checks.

live data · NVD

CVE Lookup

CVE details straight from NVD: CVSS score and vector, CISA KEV status, weaknesses, references.

100% in-browser

JWT Decoder

Decode JSON Web Tokens locally. Header, claims, expiry sanity checks. The token never leaves your machine.

100% in-browser

Decoder Toolbox

Base64, URL, hex, SHA hashes, epoch timestamps — the everyday conversions, all client-side.

100% in-browser

Email Header Analyzer

Paste raw email headers: hop-by-hop path, SPF/DKIM/DMARC results, spoofing red flags.

Why these tools exist

Every tool here does one job, fast, and explains its output. Checks report only what was actually observed — no invented findings, no fake authority. Read how each check works.