Attacker's-eye view
A public-surface security scan for HTTPS, headers, cookies, DNS, and exposed tech.
Find public security gaps across HTTPS, headers, cookies, DNS/email records, mixed content, and exposed tech signals.
Security score
A public-surface security scan for HTTPS, headers, cookies, DNS, and exposed tech.
Findings sorted by risk, each with a concrete fix to apply.
This is not a penetration test. Browser-visible, publicly available signals only.
WHY IT MATTERS
Most breaches start with what is already public. See your exposed surface before someone else does.
HTTPS gaps, missing headers, and loose cookies are visible to anyone. The Website Security Scan surfaces them, ranked by severity.
THE REPORT
One scan returns a report and a prioritized list of the public-facing security gaps on the page you audit.
4 of 6 checks passing on this page.
STRUCTURED OUTPUT
Each product returns the score, URLs, severity, evidence, remediation, and structured output. Use the dashboard for review and the CLI, MCP, API, webhooks, and skills when your coding agent needs the result.
Review the score, prioritize findings, export reports, and assign fixes inside the dashboard.
Use structured run IDs, affected URLs, severity, evidence, and recommended fixes through the CLI, MCP, API, webhooks, and skills your coding agent already runs.
HOW IT WORKS
Enter the public URL you want checked. No code or server access required.
index365 checks HTTPS, headers, DNS, cookies, mixed content, and exposed signals.
Get a findings list ranked by severity, with the fix for each one.
Prioritized fixes
5 foundFREE CHECK
The security scan checks public HTTPS, TLS, headers, DNS, cookies, and exposure signals from the dashboard.
Start scan4 of 6 checks passing on this page.
CHECKLIST
A single scan inspects every public-facing signal an attacker would see first, from TLS and headers to DNS and exposed tech.
TLS config and strict transport
CSP, X-Frame, Referrer-Policy
Secure, HttpOnly, SameSite
Email authentication records
DNS security posture
HTTP assets on HTTPS pages
Version banners and fingerprints
Browser feature controls
What is reachable and indexed
PLAN FIT
Free shows a limited homepage report. Paid plans run all three tools on any single page on your domain.
Two homepage AI-Readiness scans a month. Sign in to run.
Free forever
All three products and 100 monthly credits.
10% off, billed yearly at $216
All three products and 300 monthly credits.
10% off, billed yearly at $648
Custom credits, SSO, and dedicated support.
Contact us to scope it
AI-Readiness Audit, Marketing Signal Audit, and Website Security Scan are live. Paid plans add all three products.
Create a project and run the public-surface scan from the dashboard on a paid plan.