What’s Publicly Visible About Your Domain?
Enter a domain (like example.com) to see a simple, plain-English view of publicly accessible DNS and HTTPS information. This is not a scan — it only uses standard DNS and HTTP/HTTPS connections.
Domain
Security Score
Report Summary
Informational heuristic (not a substitute for a security audit)
WEB HEADERS
TLS/SSL
EMAIL AUTH
SPF (Email Sender Policy)
Shows whether your domain publishes an SPF record.
DMARC (Email Authentication Policy)
Indicates whether your domain publishes a DMARC policy.
DKIM (Email Signing)
Detects published DKIM selector records and reports key strength.
HTTP → HTTPS Behavior
How your site responds to basic HTTP requests.
SSL Certificate (Basic View)
Looks at the public certificate returned on port 443.
HSTS Header Not Detected
The HSTS (Strict-Transport-Security) header was not found in this response. HSTS strengthens your security posture.
Note: If your site uses Cloudflare, Go High Level (GHL), or another CDN/edge provider, HSTS may be set at the edge but hidden from public scanners. This does not mean HSTS is not enforced—it may simply be invisible to this check. You can verify HSTS by checking your site in securityheaders.com or your provider's settings.
Missing Headers
These security headers are not currently present in your response.
Warnings
These headers have configuration issues that should be addressed.
HTTP Security Headers
Shows browser security headers returned in the response. Only reflects the specific response checked.
| Header Name | Value | Status |
|---|
Advanced Cross-Origin Headers
(Advanced — Not included in Security Score)
These headers are optional hardening options that provide additional cross-origin protection but are not scored.
Email This Summary
Get a copy of this public visibility summary delivered to your inbox.
Debug View (Local Only)
?debug=1Raw data used to build this report, including the final host for security headers.