What it checks
Public API body and headers for debug signatures, secret-looking values, cache-control gaps, CORS behavior, content type, and framework disclosure.
Free Techclick tool
Scan a public unauthenticated API URL for verbose errors, stack traces, debug flags, secret-looking fields, weak cache controls, permissive CORS, and framework disclosure. Evidence is capped and redacted.
Leak score
No scan yet.
Public API body and headers for debug signatures, secret-looking values, cache-control gaps, CORS behavior, content type, and framework disclosure.
No credentials, no private networks, no crawling, no exploit payloads, no login testing, and no full response dumps.
Use with Headers, Recon, JWT, CVSS, and Mail Header Analyzer to build a practical API security review workflow.