Free external security scan.
Non-invasive check of your public-facing security controls. Enter your domain — we check DNS, web headers, SSL, known vulnerabilities, open ports, and phishing exposure. Results delivered within 15 minutes.
What we check
Six categories, non-invasive only. No credentials, no agents, no stored data.
DNS & email security
We check SPF, DKIM, DMARC records, DNSSEC configuration, and MX server posture. Common misconfigurations that expose your domain to spoofing or interception.
Web application headers
Analysis of Content-Security-Policy, HSTS, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy headers. Missing or misconfigured HTTP security headers are the most common external finding.
SSL / TLS configuration
Certificate validity, protocol support (TLS 1.2/1.3), cipher strength, and known vulnerabilities. Outdated protocols and weak ciphers remain the most frequent SSL risk.
Known vulnerabilities
Cross-reference of exposed services and software versions against CVE databases. We flag publicly known vulnerabilities that have active exploits in the wild.
Open ports & exposed services
Non-invasive port scan of common external-facing services. We identify services that should not be publicly reachable — RDP, database ports, management interfaces.
Phishing domain detection
We check for lookalike domains, typo-squatted variants, and domains with similar WHOIS patterns that could be used for employee or customer phishing attacks.
How it works
Enter your organisation's primary domain. The scanner runs a non-invasive external assessment across all six categories. Results are compiled into a structured report with findings grouped by severity.
Each finding includes the technical detail, what it means in plain language, and a recommended action. The scan does not store your data beyond the session.
- → External-only — no internal network visibility
- → Not a substitute for a full internal audit or red-team
- → Does not test authentication or application logic
- → For a comprehensive assessment, book a practitioner-led review
Start a scan
Enter your domain below to receive the scan. This is a read-only check — no credentials required.
Scanner integration in development. For an immediate external assessment, book a free review.
Need a deeper assessment?
Book a free 30-minute security review. One specific finding you can action immediately — practitioner-led for regulated UK SMEs.