Frequently Asked Questions
GuardPad analyzes 8 critical headers: Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, X-XSS-Protection, and Cross-Origin policies.
The grade is based on industry best practices and OWASP recommendations. We check for presence and correct configuration of security headers.
GuardPad can only scan publicly accessible URLs. Internal or localhost URLs cannot be reached from your device.
We check certificate validity, expiration date, issuer, subject, key strength, and supported protocols. PRO includes detailed cipher suite analysis.
After scanning, tap the share button to export as PDF or JSON. PRO is required for export functionality.
All scan data is stored locally on your device. With PRO, you can enable iCloud sync to access your history across devices.
Troubleshooting
Scan fails or times out
Check your internet connection and verify the URL is correct and publicly accessible. Some servers may block automated requests.
SSL certificate errors
If a site has an invalid or self-signed certificate, GuardPad will report this as a security issue. This is expected behavior.
Missing headers shown as warnings
Missing security headers are flagged as warnings to help you identify areas for improvement. Not all headers are required for every site.
Current Version
GuardPad v1.0.0
Requires iOS 17.0 or later. Compatible with iPhone and iPad.
Still Need Help?
We're here to help. Send us an email and we'll get back to you.