Free · no signup · instant

Any obvious misconfigurations on your domain?

Passive security check on your domain. We look at TLS, security headers, email authentication, and DNS hygiene, and give you an immediate grade plus a findings list in plain English.

  • Results in under 30 seconds
  • Browser-visible checks only — nothing active
  • Hosted report at an unguessable link for 7 days
  • Same rigor as SSL Labs and Security Headers, one report

Use your root domain, for example example.com. We cover www and email records automatically.

Leave blank to just view the report. Add an email to also receive a copy of the link.

Passive checks only. 5-15 seconds.

Your report, your link.

Every scan produces a dedicated report page at attackedge.io/free-check/report/<token>. The token is long and unguessable, so nobody stumbles onto your report — but anyone you send the link to can open it.

  • Not published, not indexed. The report is not linked from anywhere on this site, does not appear in search, and is blocked from search crawlers.
  • Shareable. Treat the URL as your share token. Send it to your IT person, your agency, or anyone else who should see the findings.
  • Auto-removed after 7 days. After that, the link stops working. Run the scan again any time to produce a fresh one.

What the free check covers.

The free check is entirely passive — everything below is a thing a normal browser would see when it visits your site. No active scanning, no port probing, no signup required.

  • TLS version, cipher, certificate hygiene
  • HTTP security headers (HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy)
  • Email authentication (SPF, DKIM, DMARC, MTA-STS, BIMI)
  • DNS records (A, AAAA, MX, NS, CAA) and reverse DNS
  • Basic tech fingerprinting from public response headers

Only in a paid scan.

These checks need active probing or authorisation, so they live in the paid one-off Scan or a subscription plan.

  • Known-CVE sweep across your whole stack
  • Subdomain enumeration and perimeter mapping
  • Exposed admin panels, .git/.env, backup-file discovery
  • WordPress, WooCommerce, Shopify plugin vulnerability checks
  • Subdomain takeover risk detection
  • Exposed cloud storage (S3, Azure Blob, GCS)
  • Secrets leaked in public JavaScript
  • A plain-English report with a prioritised fix list
Start a paid scan for $79$49Full methodology →