< All products
LIVEIn every plan

Website Security Scan

Find public security gaps across HTTPS, headers, cookies, DNS/email records, mixed content, and exposed tech signals.

In every plan

Included in paid plans.

yoursite.com/audit
68/ 100

Security score

  • HTTPS + HSTSEnabled
  • CSP headerMissing
  • Cookie flagsPartial
  • SPF + DMARCValid

Attacker's-eye view

A public-surface security scan for HTTPS, headers, cookies, DNS, and exposed tech.

Ranked by severity

Findings sorted by risk, each with a concrete fix to apply.

Not a penetration test

This is not a penetration test. Browser-visible, publicly available signals only.

WHY IT MATTERS

Most breaches start with what is already public. See your exposed surface before someone else does.

HTTPS gaps, missing headers, and loose cookies are visible to anyone. The Website Security Scan surfaces them, ranked by severity.

THE REPORT

See what an attacker sees first

One scan returns a report and a prioritized list of the public-facing security gaps on the page you audit.

yoursite.com/audit
68
SCAN COMPLETESecurity scan · 68 / 100

4 of 6 checks passing on this page.

  • HTTPS + HSTSEnabled
  • CSP headerMissing
  • Cookie flagsPartial
  • SPF + DMARCValid

STRUCTURED OUTPUT

Built for review, action, and re-runs.

Each product returns the score, URLs, severity, evidence, remediation, and structured output. Use the dashboard for review and the CLI, MCP, API, webhooks, and skills when your coding agent needs the result.

Review workflow

Review the score, prioritize findings, export reports, and assign fixes inside the dashboard.

Coding agent workflow

Use structured run IDs, affected URLs, severity, evidence, and recommended fixes through the CLI, MCP, API, webhooks, and skills your coding agent already runs.

HOW IT WORKS

From scan to fix in minutes

  1. 01

    Submit

    Enter the public URL you want checked. No code or server access required.

  2. 02

    Scan

    index365 checks HTTPS, headers, DNS, cookies, mixed content, and exposed signals.

  3. 03

    Report

    Get a findings list ranked by severity, with the fix for each one.

Get notified

Prioritized fixes

5 found
  • Add a CSP headerHigh
  • Set Secure + HttpOnly cookiesHigh
  • Publish a DMARC policyMedium
  • Remove server version bannerLow

FREE CHECK

AI-Readiness starts free. Paid plans run the security scan.

The security scan checks public HTTPS, TLS, headers, DNS, cookies, and exposure signals from the dashboard.

Start scan
yoursite.com/audit
68
SCAN COMPLETESecurity scan · 68 / 100

4 of 6 checks passing on this page.

  • HTTPS + HSTSEnabled
  • CSP headerMissing
  • Cookie flagsPartial
  • SPF + DMARCValid

CHECKLIST

Everything the audit checks

A single scan inspects every public-facing signal an attacker would see first, from TLS and headers to DNS and exposed tech.

HTTPS + HSTS

TLS config and strict transport

CSP + headers

CSP, X-Frame, Referrer-Policy

Cookie attributes

Secure, HttpOnly, SameSite

SPF + DMARC + DKIM

Email authentication records

MX + CAA records

DNS security posture

Mixed content

HTTP assets on HTTPS pages

Exposed tech

Version banners and fingerprints

Permissions-Policy

Browser feature controls

Public surface map

What is reachable and indexed

PLAN FIT

Start free. Upgrade to audit any page.

Free shows a limited homepage report. Paid plans run all three tools on any single page on your domain.

Free

Two homepage AI-Readiness scans a month. Sign in to run.

$0

Free forever

  • Unlimited projects
  • Agent API, MCP and CLI access
  • 2 homepage scans a month
  • AI-Readiness audit
  • 7-day history
Start free

Pro

All three products and 100 monthly credits.

$18/mo

10% off, billed yearly at $216

  • Unlimited projects
  • Unlimited agent calls
  • 100 credits a month
  • All three products
  • 30-day history
Get started

Enterprise

Custom credits, SSO, and dedicated support.

Custom

Contact us to scope it

  • Unlimited projects
  • Unlimited agent calls
  • Custom credits
  • All three products
  • Custom history and SSO
Talk to us

Common questions

AI-Readiness Audit, Marketing Signal Audit, and Website Security Scan are live. Paid plans add all three products.

See what your exposed surface is saying.

Create a project and run the public-surface scan from the dashboard on a paid plan.