Can it scan private or internal hosts?

No. Private, local, test, IP-only, credentialed, and custom-port targets are blocked.

Does it prove origin IP exposure?

No. CDN and origin signals are best-effort context and are not proof of origin leakage.

Live website report

Website Exposure Scanner

Q: Is this a vulnerability scan?

No. It is an exposure estimate based on public DNS and HTTP/HTTPS signals only.

Check what your public website exposes through HTTPS, redirects, security headers, DNS records, IPv6, and basic CDN/origin signals.

Use this as a first-pass website exposure estimate: what is visible, what is normal, what needs review, and what to fix first.

Run website scan Open Public Exposure Report

Result first Top issues next Technical details below

Safe Copy is available after the scan. It keeps issues and fixes while avoiding raw headers, exact sensitive values, oversized payloads, credentials, cookies, and tokens. See Safe Copy model.

Diagnosis first

Website Exposure Estimate

Run a scan to see website exposure results.

Website Exposure Estimate Ready No scan has run yet.

Enter one public domain or URL to check DNS, HTTPS, redirects, headers, HSTS, mixed content, IPv6 DNS, and basic CDN/origin signals.

Share the safe version from this result. Safe Copy keeps the website diagnosis and recommended fixes, while raw response details stay out of support tickets by default.

Copy safely Safe Copy

Top risks second

Top Issues

Maximum five issues, prioritized by severity.

Run a scan to see top issues.

Results appear in plain language before raw details.

Fixes third

Recommended Fixes

Actions are written for website, DNS, CDN, and hosting owners.

Technical details last

Connected Checks

Collapsed by default. Long values stay inside contained blocks.

How to read it

What the scanner checks

Public signals only, no account and no monitoring.

Transport and redirects

HTTPS availability, HTTP to HTTPS upgrade behavior, limited redirect chain, final status, and final host context.

Headers and browser protections

HSTS, Content-Security-Policy, frame protection, nosniff, referrer policy, permissions policy, and selected response metadata.

DNS and domain policy

A, AAAA, CNAME, NS, CAA, and limited DNSSEC DS/DNSKEY signals from a recursive DNS-over-HTTPS resolver.

Website exposure clues

Static mixed-content references, IPv6 DNS visibility, and cautious CDN/origin indicators without claiming origin IP proof.

Visible limits

Limitations

Clear boundaries keep the report honest.

This is an exposure estimate based on public DNS and HTTP/HTTPS signals. It is not a vulnerability scan, penetration test, malware scan, uptime monitor, or guarantee of security.

TLS certificate details may be limited by the runtime.
DNSSEC detection is a limited signal unless full validation is available.
Missing advanced security headers do not automatically mean the site is compromised.
Mixed-content detection is based on static HTML and may miss JavaScript-loaded resources.
CDN/origin exposure detection is best-effort and not proof of origin leakage.

Share safely

Copy Report

Safe copy keeps issue summaries and recommended fixes, but avoids raw headers and exact sensitive values.

Use safe copy before pasting a report into a ticket, chat, or vendor support request.

Monitoring coming next

Website change history and alerts are planned

Monitoring will compare website exposure history for SSL, HTTPS, redirects, HSTS, CSP, security headers, CAA, DNSSEC, mixed content, and hosting/CDN signal changes.

SSL and HTTPS regressions
HSTS or CSP removed
Redirect/final URL changes
CAA and DNSSEC signal changes

Run full report

Focused follow-up

Open a focused tool when one signal needs deeper review.

Public Exposure Report Domain Intelligence Report AI/Search Visibility Scanner Domain Security Scan Email Deliverability Doctor DNS Lookup Security Headers Checker SSL Certificate Checker Redirect Checker IP Blacklist Checker ASN Lookup