Encryption
4 guides
SSL/TLS Certificate
Your SSL/TLS certificate is the foundation of trust between your website and every visitor.
HTTPS Redirect
Even if your site has a valid SSL certificate, visitors who type your domain without 'https://' may land on the insecure HTTP version.
Certificate Transparency
Certificate Transparency (CT) is a public audit system that logs every SSL/TLS certificate issued by Certificate Authorities.
Subdomain SSL Coverage
Your main domain may have a perfect SSL certificate while subdomains like api.
DNS
9 guides
SPF Record
SPF (Sender Policy Framework) is a DNS record that lists which mail servers are authorised to send email on behalf of your domain.
DMARC Record
DMARC (Domain-based Message Authentication, Reporting and Conformance) ties together SPF and DKIM to tell receiving mail servers what to do when an email fails authentication.
DKIM Record
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to outgoing emails.
DNSSEC
DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS records, allowing resolvers to verify that DNS responses have not been tampered with in transit.
CAA Records
Certification Authority Authorization (CAA) records are DNS entries that specify which Certificate Authorities are permitted to issue SSL certificates for your domain.
MTA-STS
MTA-STS (Mail Transfer Agent Strict Transport Security) forces email sent to your domain to use encrypted, authenticated TLS connections.
TLS-RPT
TLS-RPT (TLS Reporting) is a DNS record that tells sending mail servers where to send reports when they encounter TLS issues while delivering email to your domain.
BIMI Record
BIMI (Brand Indicators for Message Identification) is a DNS standard that lets you display your brand logo next to your emails in supporting inboxes like Gmail and Apple Mail.
Email Spoofing Risk
Email spoofing is when an attacker sends emails that appear to come from your domain.
Headers
5 guides
Security Headers
HTTP security headers are instructions your web server sends to browsers telling them how to handle your content.
Cookie Security
Cookies store session tokens, authentication credentials, and user preferences.
CORS Configuration
CORS (Cross-Origin Resource Sharing) is a browser security mechanism that controls which external websites can make API requests to your server.
Clickjacking Protection
Clickjacking is an attack where a malicious website embeds your site in a hidden or transparent iframe and tricks users into clicking on your site's buttons — like confirming a purchase, changing account settings, or clicking Like on social media — without realising it.
Third-Party Script Risk
Every third-party script you load on your website — analytics, chat widgets, advertising, A/B testing tools — runs with full access to your page.
Infrastructure
13 guides
Open Port Scanner
Open ports on your server represent services accessible from the internet.
Admin Panel Exposure
Admin panels give full control over your website and application.
Sensitive File Exposure
Sensitive files accidentally left accessible on web servers are a goldmine for attackers.
API Endpoint Exposure
APIs power modern web applications, but improperly secured API endpoints can expose sensitive data or allow unauthorised actions.
Cloud Storage Exposure
Cloud storage buckets — AWS S3, Azure Blob Storage, Google Cloud Storage — are frequently misconfigured to allow public read or write access.
CVE Detection
CVE (Common Vulnerabilities and Exposures) detection identifies known vulnerabilities in the software your server is running.
Subdomain Takeover
A subdomain takeover occurs when a DNS record points to an external service (like a GitHub Pages site, Heroku app, or S3 bucket) that no longer exists.
Technology Fingerprint
Technology fingerprinting is the process of identifying what software powers a website — web server, CMS, frameworks, libraries, and their versions.
WAF Detection
A Web Application Firewall (WAF) sits in front of your web application and filters malicious traffic — blocking SQL injection, XSS, path traversal, and other attacks before they reach your application code.
Directory Listing
Directory listing is a web server feature that, when enabled, shows the contents of directories that do not have an index file.
Blacklist Check
Blacklists are databases of IP addresses and domains known for sending spam, hosting malware, or serving phishing pages.
Admin Panel Discovery
Admin panel discovery goes beyond checking common paths — it actively probes for less obvious admin URLs, non-standard ports, and framework-specific admin interfaces that may have been left accessible.
API Endpoint Discovery
API endpoint discovery probes your domain for API endpoints that may not be intentionally documented or public.
Intelligence
7 guides
Subdomain Discovery
Subdomain discovery maps your complete external attack surface by finding all subdomains associated with your domain.
Dark Web Exposure
Dark web exposure monitoring checks whether credentials, email addresses, or data from your domain have appeared in breach databases traded and sold on dark web forums.
Security.txt
Security.
Typosquatting Monitor
Typosquatting is the registration of domains that closely resemble yours — with a character swapped, a hyphen added, or a different TLD — to trick users into visiting a fake version of your site.
WHOIS & Domain Age
WHOIS records contain domain registration information: who registered the domain, when, with which registrar, and when it expires.
GitHub Secret Scan
Developers accidentally commit secrets — API keys, database passwords, private keys, and access tokens — to Git repositories far more often than you might think.
Google Safe Browsing
Google Safe Browsing is a blacklist service used by Chrome, Firefox, Safari, and many other browsers.
Ready to check your domain?
Run all 38 security checks on your domain and get a prioritised list of issues to fix.