Configuration Exposure
Detect publicly accessible .env, manifest, configuration, and credential-bearing files.
SiteThreat checks public website surfaces for exposed configuration files, backups, Git metadata, application logs, insecure headers, and other common weaknesses—then tells you exactly what to fix.
Detect publicly accessible .env, manifest, configuration, and credential-bearing files.
Check for Git metadata and other development artifacts that should never be public.
Identify downloadable ZIP archives, SQL exports, debug logs, and application error files.
Review HSTS, CSP, clickjacking protection, MIME controls, and referrer policy.
Test common hostname variants because each can route to a different server or document root.
Every finding includes a plain-English explanation and practical remediation guidance.
Security reports often overwhelm site owners with technical labels. SiteThreat translates each result into priority, impact, and the specific next step—whether that means blocking a file, correcting a document root, rotating a credential, or adding a browser security header.
Start ScanningThe server returned HTTP 200 for /.env. This file may contain live database, email, API, and encryption credentials.
Block all environment-file variants immediately, then rotate any exposed credentials.
Only scan domains you own or are explicitly authorized to assess.