📚 What This Scanner Checks
Website Security Scanner combines three independent checks — each also available as a standalone tool — into a single pass so you get the full picture without running three separate lookups:
| Category | What's Checked | Standalone Tool |
|---|---|---|
| SSL/TLS | Certificate validity, days remaining, and issuer, read from Certificate Transparency logs | SSL Certificate Checker |
| HTTP Headers | HSTS, CSP, X-Frame-Options, and other browser-enforced defenses | Security Headers Checker |
| Email Authentication | SPF record presence and syntax; DKIM record presence at common selectors | SPF Lookup & DKIM Lookup |
🏆 How the Overall Score Works
Each of the three categories contributes roughly a third of the overall score. Within SSL, an expired or soon-expiring certificate weighs heaviest. Within headers, HSTS and CSP carry the most weight since they block the highest-impact attack classes. Within email authentication, having neither SPF nor DKIM configured at all is treated as the most significant gap, since it leaves the domain fully spoofable.
⚠️ What a Combined Scan Doesn't Replace
This is a breadth-first overview, not a substitute for a full penetration test, live TLS/cipher-suite audit, or DMARC policy review. For deeper analysis of any single category, use the dedicated standalone tool linked in the table above, or read our full 20-point Website Security Checklist.
🛠️ Use Cases
🚀 Pre-Launch Sanity Check
Run one scan before shipping a new site to catch the most common, highest-impact gaps in under a minute.
🔄 Post-Migration Verification
After a hosting, CDN, or DNS provider migration, quickly confirm nothing important silently broke.
📊 Vendor / Third-Party Due Diligence
Get a quick baseline read on a vendor or partner's public-facing security posture before deeper engagement.
📈 Tracking Improvement Over Time
Re-scan periodically to confirm security posture is trending in the right direction as fixes get deployed.
What does Website Security Scanner check?
SSL/TLS certificate validity via Certificate Transparency logs, HTTP security headers, and SPF/DKIM email authentication presence — all in one combined scan.
Is this the same as Security Headers Checker?
No — Security Headers Checker focuses solely on headers with a detailed breakdown. This scanner combines that with SSL and email authentication for a broader, less granular overview.
What is a good overall security score?
85+ generally reflects solid configuration across all three categories. Below 60 usually points to at least one major gap.
Does a low score mean my site is actively being attacked?
No — it reflects missing defensive configuration, not an active compromise. It highlights preventable gaps, not evidence of an ongoing incident.
Can I scan a domain I don't own?
Yes. Certificate Transparency logs, public HTTP headers, and public DNS records are all publicly accessible information by design.
Is this scan free and unlimited?
Yes — free, unlimited scans, no sign-up required.
Does this replace a full penetration test?
No — it's a breadth-first automated overview of public-facing configuration, not a substitute for manual security testing or a live TLS/cipher audit.
Why does the scan check email authentication for a website tool?
A domain's email configuration is part of its overall security posture — a website can have a perfect SSL/headers setup while remaining fully spoofable for phishing via email if SPF/DKIM are unset.
Can I get a detailed breakdown instead of just a score?
Yes — each of the three category cards shows specifics, and you can always drill into the dedicated standalone tool (SSL Checker, Security Headers Checker, SPF/DKIM Lookup) for full depth.
How often should I re-run this scan?
After any hosting, DNS, or CDN change, and periodically otherwise (quarterly is reasonable for most sites) to catch silent regressions.
Does a missing DKIM selector count against my score even if I use a different selector?
The scan checks a handful of common selectors (google, selector1, k1, etc.) — if your domain uses a non-standard selector, use the dedicated DKIM Lookup tool with your exact selector for an accurate check.
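The selector limitation in the answer above, shown as an added example (not the scanner's own code): an SPF presence/syntax check and a DKIM probe over the selectors the page names. The `lookup_txt` stand-in, the `.test` domains, and all TXT records are constructed so the block runs offline.

```python
# Added illustration; not the scanner's implementation.
COMMON_SELECTORS = ["google", "selector1", "k1"]  # selectors named on the page

# Constructed sample zone: DNS name -> TXT strings (all values are placeholders).
SAMPLE_TXT = {
    "example.test": ["v=spf1 include:_spf.example.test -all"],
    "mail2024._domainkey.example.test": ["v=DKIM1; k=rsa; p=AAAA"],
    "nospf.test": ["site-verification=constructed"],
    "selector1._domainkey.nospf.test": ["v=DKIM1; k=rsa; p=AAAA"],
    "dup.test": ["v=spf1 -all", "v=spf1 mx ~all"],
}

def lookup_txt(name, zone=SAMPLE_TXT):
    """Stand-in for a DNS TXT query; returns [] when nothing is published."""
    return zone.get(name.lower().rstrip("."), [])

def check_spf(domain, lookup=lookup_txt):
    """Classify the SPF record: missing, invalid, weak, or ok."""
    records = [r for r in lookup(domain)
               if r.split() and r.split()[0].lower() == "v=spf1"]
    if not records:
        return "missing"
    if len(records) > 1:
        # RFC 7208 section 4.5: more than one SPF record is a permerror.
        return "invalid: multiple SPF records"
    terms = [t.lower() for t in records[0].split()[1:]]
    has_policy = any(t.lstrip("+-~?") == "all" or t.startswith("redirect=")
                     for t in terms)
    return "ok" if has_policy else "weak: no 'all' mechanism or redirect"

def find_dkim(domain, selectors=COMMON_SELECTORS, lookup=lookup_txt):
    """Return the selectors that publish a non-revoked DKIM key."""
    found = []
    for sel in selectors:
        for rec in lookup(f"{sel}._domainkey.{domain}"):
            tags = dict(t.strip().split("=", 1)
                        for t in rec.split(";") if "=" in t)
            if tags.get("p"):  # an empty p= tag means the key was revoked
                found.append(sel)
    return found

if __name__ == "__main__":
    for d in ("example.test", "nospf.test", "dup.test"):
        print(d, "| SPF:", check_spf(d), "| DKIM:", find_dkim(d) or "none found")
    # The common-selector probe misses example.test; the exact selector finds it.
    print(find_dkim("example.test", ["mail2024"]))
```

`example.test` publishes a valid key under `mail2024`, yet the common-selector probe reports none, which is the false negative the answer describes.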
Can I download or share the scan results?
Yes — use the Print / Save as PDF button, or copy the raw JSON for your own records or ticketing system.
Why is my score different from Security Headers Checker's grade?
This scanner's score blends three categories together, so a strong headers grade can still be pulled down by a weak SSL or email authentication result, and vice versa.
Does this tool check DMARC too?
Not in the current version — it checks SPF and DKIM presence. Full DMARC policy analysis is planned for a future update; in the meantime, check your DMARC TXT record manually via DNS Lookup.
Can I use this to compare two domains side by side?
Not automatically within one view — run the scan on each domain separately and compare the score cards, or export both as JSON for your own comparison.