Headers, SSL, DNS & Monitoring
Major 2.0 — Share Extension, Siri, Widgets, MTA-STS, post-quantum TLS, WAF fingerprinting, PCI DSS 4.0, continuous monitoring, and 30+ analyzed dimensions.
Scan any URL and get an instant A+ to F security grade with actionable fixes — right from your iPhone or iPad.
GuardPad analyzes 11 HTTP security headers, SSL/TLS certificates (including post-quantum readiness), cookies, redirect chains, DNS records, email security, and infrastructure fingerprints in seconds. The most comprehensive mobile security scanner — and the only one with widgets, Siri integration, and a Share Extension.
Try every feature free for 3 days. No account required. No data collected.
NATIVE iOS, EVERYWHERE YOU NEED IT
• Share Extension — scan any URL straight from Safari or any browser
• Siri & Shortcuts — "Hey Siri, scan example.com with GuardPad"
• Home Screen & Lock Screen widgets for pinned domains
• Control Center toggle for instant re-scans (iOS 18+)
• Universal app with optimized iPad layouts
FREE FEATURES
• 11 graded security headers (HSTS, CSP, COOP, COEP, CORP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, X-XSS-Protection, Server)
• Cookie security analysis (Secure, HttpOnly, SameSite, __Host- prefix)
• CSP depth analysis (nonce, strict-dynamic, Report-Only)
• SSL/TLS certificate inspection with cipher suite details
• TLS depth analysis with post-quantum (X25519MLKEM768) detection
• Redirect chain visualization with quality grading
• Deprecated header detection (HPKP, Expect-CT, Feature-Policy)
• OWASP Top 10:2025 compliance mapping
• .well-known directory scanner (security.txt RFC 9116 and more)
• Quick Fix mode — see your highest-impact issues first
• Actionable WHAT/WHY/FIX diagnostics for every finding
• WAF/CDN fingerprinting (Cloudflare, CloudFront, Akamai, Fastly, and 10 more)
• Domain-grouped scan history
• Works offline for reviewing past results
PRO FEATURES
• Continuous monitoring — scheduled background re-scans with change-only notifications
• Certificate expiry alerts (30/14/7/3/1 days)
• Grade trend charts and security posture dashboard
• Batch scanning — up to 50 URLs at once with aggregate report
• Shareable security grade card and shields.io-style badge for READMEs
• iPad side-by-side scan comparison
• Server-specific fix code snippets for nginx, Apache, Express.js, and Caddy
• CORS configuration tester
• DNS records with DNSSEC, CAA, and full lookup (A, AAAA, MX, CNAME, TXT, NS, SOA)
• Subdomain discovery via DNS-over-HTTPS
• API endpoint intelligence (rate limits, exposed docs, GraphQL introspection)
• PCI DSS 4.0 readiness assessment
• Comparative context — percentile ranking against your scan history
• Email security analysis (MTA-STS, BIMI, SPF, DMARC, DKIM)
• PDF and Markdown export
• Full certificate chain inspection
Built for developers, security engineers, and IT teams who ship secure web applications. Whether you maintain nginx, Apache, Express.js, or Caddy, GuardPad gives you the tools to verify your configuration matches OWASP, PCI DSS 4.0, and modern security baselines.
PRIVACY-FIRST
No account. No analytics SDKs. No tracking. Zero external dependencies. All analysis happens on your device. Scan results stay in SwiftData on your device only. See Privacy Policy in Settings.
GuardPad is a developer tool for auditing security configuration of web servers you own or have permission to scan.
Chrome-Stats does not own this Apple app. Please use these information below to contact the Apple app developer.