Transparent by Design

Exactly how your score is calculated

No black boxes. No proprietary algorithms. Every point is earned (or lost) by a specific, named security control — and we tell you exactly which ones to fix.

100 points. 4 categories.

Each category contributes up to 25 points. Within each category, individual checks are weighted by severity. All checks in a category are scaled to a 25-point ceiling — so a strong category partially offsets a weak one.

This design means you can't achieve a high score by acing one category and ignoring the rest. Security requires breadth.

Encryption & SSL 25 pts
DNS & Email Security 25 pts
Web Application 25 pts
Infrastructure 25 pts
Total 100 pts
The Checks

What we check in each category

We don't publish individual tool names — but here's exactly what each category examines.

Encryption & SSL

Max 25 points
SSL/TLS certificate validity and chain of trust
Days remaining before certificate expiry
TLS protocol version (TLS 1.2/1.3 vs outdated protocols)
Cipher suite strength and known weak ciphers
HTTPS enforcement and HTTP redirect behaviour

Why it matters: An expired or misconfigured certificate breaks HTTPS for every visitor — and signals to attackers that your security hygiene is poor.

DNS & Email Security

Max 25 points
SPF record existence and policy strictness
DKIM key publication and selector configuration
DMARC policy, reporting, and enforcement level
MX record configuration and mail server presence
DNSSEC signing and chain of trust
CAA record restricting certificate issuance

Why it matters: Without proper SPF, DKIM, and DMARC, anyone can send email from your domain — phishing your customers, employees, and partners.

Web Application

Max 25 points
HTTP security headers (HSTS, CSP, X-Frame-Options, and others)
Cookie security flags (HttpOnly, Secure, SameSite)
Clickjacking protection
CORS policy configuration
Technology fingerprinting and exposed version information
Sensitive files and admin panel exposure

Why it matters: Missing security headers are the easiest wins for attackers — they're trivial to fix and trivial to exploit if left unset.

Infrastructure

Max 25 points
High-risk TCP ports exposed to the internet
Database and cache services accessible externally
Remote access services (RDP, VNC, SSH-alt) exposed
Domain blacklist status across major reputation lists
Typosquatting domain registration monitoring
WHOIS and domain registration health

Why it matters: An open Redis or MongoDB port accessible from the internet is a critical misconfiguration that takes minutes to exploit and months to recover from.

Grades

The grade scale

Grades are intentionally strict. Most production domains land between B and D — that's normal and fixable.

A+ (95–100 pts): Excellent — Industry-leading security posture. All major controls are in place.
A (85–94 pts): Very Good — Strong security. Minor improvements available but no critical issues.
B (70–84 pts): Good — Solid foundation. A few issues need attention to reach A grade.
C (55–69 pts): Moderate — Several misconfigurations present. Common for production domains.
D (40–54 pts): Poor — Significant security gaps. Remediation should be prioritised.
F (0–39 pts): Critical — Multiple critical issues. Immediate action required.
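
The scoring model and grade bands described above, as an added example that is not the service's own code. The severity weights, the rounding rule and the sample check results are constructed assumptions; the page states only the 25-point category ceiling and the grade thresholds.

```python
# Added example. SEVERITY_WEIGHT, the rounding rule and SAMPLE are constructed;
# only the 25-point ceiling and the grade bands come from the page.
SEVERITY_WEIGHT = {"critical": 5, "high": 3, "medium": 2, "low": 1}  # assumed
CATEGORY_MAX = 25
GRADE_FLOORS = [(95, "A+"), (85, "A"), (70, "B"), (55, "C"), (40, "D"), (0, "F")]

def category_score(checks):
    """checks: [(name, severity, passed)]. Earned weight scaled to the ceiling."""
    total = sum(SEVERITY_WEIGHT[sev] for _, sev, _ in checks)
    earned = sum(SEVERITY_WEIGHT[sev] for _, sev, ok in checks if ok)
    return CATEGORY_MAX * earned / total if total else 0.0

def overall(report):
    """Return (score out of 100, grade) for {category: checks}."""
    score = int(sum(category_score(c) for c in report.values()) + 0.5)  # assumed rounding
    grade = next(g for floor, g in GRADE_FLOORS if score >= floor)
    return score, grade

def fix_order(report):
    """Failed checks ranked by the points each one costs, largest first."""
    lost = []
    for category, checks in report.items():
        total = sum(SEVERITY_WEIGHT[sev] for _, sev, _ in checks)
        for name, sev, ok in checks:
            if not ok:
                cost = round(CATEGORY_MAX * SEVERITY_WEIGHT[sev] / total, 1)
                lost.append((cost, category, name))
    return sorted(lost, reverse=True)

# Constructed scan result: (check name, assumed severity, passed?)
SAMPLE = {
    "Encryption & SSL": [("certificate chain", "critical", True),
                         ("TLS version", "high", True),
                         ("HTTPS redirect", "medium", True)],
    "DNS & Email Security": [("SPF policy", "high", True),
                             ("DMARC enforcement", "critical", False),
                             ("DNSSEC signing", "medium", False),
                             ("CAA record", "low", True)],
    "Web Application": [("HSTS header", "high", False),
                        ("cookie flags", "medium", True),
                        ("CORS policy", "medium", True)],
    "Infrastructure": [("database ports closed", "critical", True),
                       ("remote access closed", "critical", True),
                       ("blacklist status", "high", True)],
}

if __name__ == "__main__":
    print(overall(SAMPLE))
    for cost, category, name in fix_order(SAMPLE):
        print(f"-{cost:>4} pts  {category}: {name}")
```

Because each category is capped at 25, a domain that passes every Encryption & SSL check and fails everything else scores 25 under this model, which is an F.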

Manual scans

Trigger a scan any time from your dashboard. Results arrive in under 90 seconds.

Weekly automated scans

Pro plan domains are automatically re-scanned every week so you never miss a regression.

Continuous monitoring

SSL expiry, blacklist status, and typosquatting are monitored between scans with real-time alerts.

See your score for real

Free scan. No credit card. Your security grade in 90 seconds.
