Surface Scan - What Runs Here?
Surface Scanner
Audit any website’s client-side exposure — JavaScript, cookies, third-party resources, fingerprinting signals, tracking services, and security headers — scored out of 100.
Static analysis · No JavaScript · Pure PHP + cURL
Scan a website
Fetches the target URL server-side via cURL, reads HTTP response headers, and analyses the static HTML for scripts, cookies, third-party resources, fingerprinting APIs, and known trackers. Results reflect static content only — JS-rendered SPAs may score higher than their true exposure.