<MCP.Playground/>
online

MCP Security Scanner

Free

18 checks across transport security, authentication, MCP protocol compliance, information disclosure, security headers, and rate limiting — paste a URL and get results in seconds.

Loading scanner...

Why MCP Server Security Matters in 2026

A February 2026 security scan found over 8,000 MCP servers exposed on the public internet with no authentication. Any AI agent — or malicious actor — can connect to those servers, enumerate their tools, and call them without restriction.

Palo Alto Unit 42 published research in early 2026 identifying new attack vectors specific to MCP: tool poisoning (manipulating tool descriptions to hijack agent behavior) and sampling injection. Both require an attacker to first reach your server — authentication is your first line of defense.

This free scanner checks the most critical security properties of your MCP server and gives you a prioritized list of what to fix.

What This Scanner Checks

  • HTTPS: Whether your server uses TLS. HTTP servers expose auth tokens, session data, and tool payloads in plaintext — any network observer can intercept them.
  • Authentication Required: Whether the server rejects unauthenticated requests with a 401 or 403. This is the most important check — an open server is fully accessible to anyone.
  • HTTP Strict Transport Security (HSTS): Prevents browsers from falling back to HTTP connections and protects against SSL stripping attacks.
  • X-Content-Type-Options: Prevents MIME type sniffing, which can enable cross-site scripting in some browser configurations.
  • X-Frame-Options: Blocks your server's responses from being embedded in iframes, preventing clickjacking attacks.
  • Content-Security-Policy: Restricts which resources can be loaded, providing a strong second line of defense against XSS.
  • CORS Policy: A wildcard Access-Control-Allow-Origin: * means any website can make authenticated-looking requests to your server from a visitor's browser.

How to Fix Common Issues

  1. Add HTTPS — deploy your server behind a TLS-terminating reverse proxy such as Cloudflare, Nginx, or Caddy. Cloudflare's free plan handles this with zero config.
  2. Require authentication — add a Bearer token check for internal tools (5 minutes to implement) or full OAuth 2.1 with PKCE for public-facing servers.
  3. Add HSTS — set the Strict-Transport-Security: max-age=31536000 header in your server's response or in your reverse proxy config.
  4. Restrict CORS — replace * with your specific allowed origins, e.g. https://claude.ai or your application domain.
  5. Add remaining headersX-Content-Type-Options: nosniff and X-Frame-Options: SAMEORIGIN can be added in a single middleware or proxy config block.

For step-by-step implementation with code examples, read our guide on securing MCP servers with OAuth 2.1, Bearer tokens, and Cloudflare Access.

Frequently Asked Questions

Is this scanner free to use?
Yes, completely free. No sign-up, no API key, no rate limit. Scan as many servers as you need.
Does scanning my server expose it to risk?
No. The scanner makes a single unauthenticated GET request to your server URL and reads the HTTP response headers. It does not attempt to authenticate, discover tools, call tools, or read any server data. It is equivalent to what a monitoring tool or browser would do.
My server requires auth — will it fail the reachability check?
No. A 401 or 403 response is a pass for the Authentication check — that is exactly what you want. The scanner checks that authentication is enforced, not that it can connect without credentials.
What is a good security score?
Grade A (90–100) means all critical and important checks pass. The two highest-weight checks are HTTPS (25 points) and authentication (30 points) — a server passing both starts at 55 points before any headers are checked. Most production servers should target a B or above.
Can I test my MCP server's tools after scanning?
Yes — MCP Playground's server tester lets you connect to any MCP server, browse its tools, and execute them with custom parameters — all from your browser.