Attacker's-eye view
A public-surface security scan for HTTPS, headers, cookies, DNS, and exposed tech.
Loading
Loading
Find public security gaps across HTTPS, headers, cookies, DNS/email records, mixed content, and exposed tech signals.
Security score
A public-surface security scan for HTTPS, headers, cookies, DNS, and exposed tech.
Per-URL findings sorted by risk, each with a concrete fix to apply.
This is not a penetration test. Browser-visible, publicly available signals only.
WHY IT MATTERS
Most breaches start with what is already public. See your exposed surface before someone else does.
HTTPS gaps, missing headers, and loose cookies are visible to anyone. The Website Security Scan surfaces them, ranked by severity.
THE REPORT
One scan returns a per-URL report and a prioritized list of the public-facing security gaps on your site.
4 of 6 checks passing. Public signals sampled.
HUMAN + AGENT
Each product returns the same core contract: score, URLs, severity, evidence, and the fix. The dashboard stays human-readable while connector surfaces make the result machine-actionable.
Review the score, prioritize findings, export reports, assign fixes, and keep monitoring inside the dashboard.
Use structured run IDs, affected URLs, severity, evidence, and recommended fixes as API, CLI, MCP, webhooks, and plugins launch around the same data.
HOW IT WORKS
Enter up to 5 public URLs you want checked. No repo or server access required.
index365 checks HTTPS, headers, DNS, cookies, mixed content, and exposed signals.
Get a per-URL findings list ranked by severity, with the fix for each one.
Prioritized fixes
5 foundFREE CHECK
The security scan checks public HTTPS, TLS, headers, DNS, cookies, and exposure signals from the dashboard.
Start scan4 of 6 checks passing. Public signals sampled.
CHECKLIST
A single scan inspects every public-facing signal an attacker would see first, from TLS and headers to DNS and exposed tech.
TLS config and strict transport
CSP, X-Frame, Referrer-Policy
Secure, HttpOnly, SameSite
Email authentication records
DNS security posture
HTTP assets on HTTPS pages
Version banners and fingerprints
Browser feature controls
What is reachable and indexed
PLAN FIT
Free shows a limited homepage report. Plans unlock whole-site coverage across all three tools.
Monthly homepage audit
Billed monthly
Billed monthly
Billed monthly
Enterprise: unlimited sites, SSO, quarterly report review, and custom agent workflow support.
Talk to usAI-Readiness Audit, Marketing Signal Audit, and Website Security Scan are live. Plans unlock full-site coverage and monitoring where included.
Create a project and run the public-surface scan from the dashboard on a paid plan.