Dimension scores are derived from public data and fields; weighted into the composite. Reference only.
http.uz is a free website security audit tool. The page highlights “Free,” “Instant,” and “No signup,” allowing users to start a scan directly. It is not primarily a traditional WAF or endpoint protection product; rather, it is a lightweight detection service for identifying a website’s externally exposed attack surface. It is well suited for quickly checking obvious misconfigurations before launch or during routine operations.
In terms of protection coverage, it checks for common high-risk exposures on web properties. This includes scanning 24+ common paths for .env files to help prevent leakage of keys and credentials; checking 22 common ports such as FTP, SSH, MySQL, Redis, and MongoDB, with explanations of the associated risks; detecting exposed phpMyAdmin panels; searching for downloadable SQLite databases; checking for publicly accessible /.git config or head files; validating SSL certificates, HSTS, CSP, and clickjacking protection headers; and testing common subdomain environments such as admin, dev, and test. Overall, it is best described as a quick external attack-surface health check.
The page states that the tool is free, instant, and requires no registration. It also shows that the current IP has a remaining quota of 3/3 free scans, suggesting that free scan volume is limited by IP address. Deployment is via online scanning, with no need to install a client or agent. Payment methods, paid plans, and enterprise packages are not disclosed.
Its strengths are its extremely low barrier to entry and practical checks, especially for issues that frequently appear in real-world incidents, such as exposed .env files, .git directories, database files, and admin panels. Its limitations are that the disclosed capabilities are fairly limited: there is no visible support for authenticated scanning, deep vulnerability validation, continuous monitoring, alerting, report management, APIs, or SIEM integration, and no compliance certifications are mentioned. As a result, it is better suited as a basic self-check tool than as a full security operations platform.
It is suitable for individual site owners, developers, small teams, and operations staff who need a quick security self-check, and it can also be used as part of a pre-launch checklist. The text does not specify access from mainland China, network stability, or payment availability, so china_access can only be marked as unknown. For alternatives or complementary tools, consider Mozilla Observatory, SecurityHeaders.com, Qualys SSL Labs, as well as China-based services such as FOFA, ZoomEye, or website security testing services.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on http.uz official site.
http.uz is an Uzbekistan Security provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of China direct-connect friendly. Click "Visit Official Site" to reach http.uz directly.