Run a free external security scan
The public scan runs TLS, security headers, DNS, mail-auth posture, and origin/edge signals—no CSP/CORS/cookie scanners on this tier. You get a shareable report in about 15 seconds.
By running a scan you confirm you are authorized to assess this target. Read our Terms and safe-scanning policy.
How a public scan works
From URL to a real report
1. Enter a domain you're authorized to assess
Paste a URL or hostname. ExposureGrid will normalize it and pick a non-invasive set of checks.
2. Wait about 15 seconds
The scan runs from outside your perimeter. No agents, no installs, no payloads.
3. Review findings with evidence
Each finding includes a severity, the exact evidence we observed, and a remediation step you can actually use.
4. Share or upgrade
Share the token-protected report URL with your team, or create an account to keep monitoring the domain.
What you'll see
Findings, evidence, and a security score
Security score
A 0 to 100 posture score with category breakdowns, so you can see at a glance where the biggest wins are.
Findings with evidence
Every finding comes with a severity, the exact data we observed, and a remediation step to take next.
Shareable URL
Public scan reports live behind a long, unguessable token. Share it with a teammate, vendor, or auditor.
Want to monitor it over time?
A one-off scan answers 'right now.' Monitoring answers 'is it still true?'
A single scan is a snapshot. The real value shows up when you can see how posture changes between deploys, certificate renewals, and third-party updates. Start a 14-day free trial to schedule recurring scans, save full history, and get notified when posture regresses.
Start your 14-day free trial14-day trial monitors 1 domain. No credit card required. Plans from $29/mo after the trial.