Platform

External attack-surface monitoring for the public web

ExposureGrid focuses on the configuration drift attackers actually use, and the misconfigurations real customers actually notice, across every public surface your business depends on.

Continuous external visibility

See your sites the way an attacker, a browser, or a crawler sees them. ExposureGrid runs scheduled, non-invasive scans so you always know what's exposed today.

Misconfiguration detection

Most real web incidents start with a misconfiguration: missing HSTS, weak CSP, loose CORS, brittle cookies, or an expiring cert. ExposureGrid finds those first.

Drift & regression monitoring

Posture changes constantly: new deployments, new edges, new third parties. ExposureGrid tracks the delta so a careless change doesn't quietly turn into an incident.

ExposureGrid separates public-safe scans from verified-domain managed scans. Public scans remain intentionally limited. Deeper exposure checks, including modern app and API modules, require an authenticated subscriber, domain verification, explicit scanner selection, and bounded passive outbound requests to hosts you control.

What we observe

Signals ExposureGrid collects on every scan

Each signal becomes one or more findings: severity, evidence, and a remediation step written for the person who will fix it.

TLS / certificate posture

Protocol versions, cipher quality, chain validity, expiry windows, hostname matching, and HSTS interaction.

Security response headers

HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP/COEP and friends.

Content-Security-Policy

Directive coverage, dangerous fallbacks, unsafe-inline / unsafe-eval, wildcard hosts, and nonce / hash usage.

CORS configuration

Wildcards, credentialed origins, reflected origins, missing Vary, and risky overlap with cookie-based auth.
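The CORS conditions listed above, turned into a small header linter as an added example (illustrative code, not ExposureGrid's scanner): it inspects the headers of one already-captured response and assumes a hypothetical probe origin, `https://probe.example`, was sent in the request so that reflection can be recognised.

```python
from typing import Dict, List, Optional

# Origin the hypothetical scanner sent with its request (constructed value).
PROBE_ORIGIN = "https://probe.example"

def _h(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    return next((v.strip() for k, v in headers.items() if k.lower() == name.lower()), None)

def assess_cors(headers: Dict[str, str], request_origin: str = PROBE_ORIGIN) -> List[dict]:
    """Return findings (check, severity, evidence, fix) for the CORS headers of
    one response: wildcard, reflected or credentialed grants, missing Vary."""
    acao = _h(headers, "Access-Control-Allow-Origin")
    if acao is None:
        return []  # no cross-origin grant at all: nothing to assess
    creds = (_h(headers, "Access-Control-Allow-Credentials") or "").lower() == "true"
    vary = {v.strip().lower() for v in (_h(headers, "Vary") or "").split(",")}
    out: List[dict] = []
    def add(check, severity, evidence, fix):
        out.append({"check": check, "severity": severity, "evidence": evidence, "fix": fix})
    if acao == "*":
        add("cors-wildcard", "medium", f"ACAO: {acao}", "Use an explicit origin allow-list instead of *.")
    elif acao == request_origin:
        # An arbitrary probe origin came back verbatim: the server reflects whatever
        # Origin it receives, which is a wildcard in disguise.
        add("cors-reflected-origin", "high", f"ACAO echoes Origin {acao}",
            "Compare Origin against a fixed allow-list before echoing it.")
    if creds:
        # Browsers reject * with credentials, so a credentialed grant matters
        # most when the origin is reflected.
        add("cors-credentialed", "high" if acao == request_origin else "low",
            f"ACAO: {acao}; ACAC: true", "Allow credentials only for origins you control.")
    if acao != "*" and "origin" not in vary:
        add("cors-missing-vary", "low", f"Vary: {_h(headers, 'Vary') or '(absent)'}",
            "Add Vary: Origin so a cache never serves one origin's grant to another.")
    if creds and _h(headers, "Set-Cookie") is not None:
        add("cors-cookie-overlap", "high", "ACAC: true alongside Set-Cookie",
            "Cookie sessions plus credentialed CORS widen exposure; tighten the allow-list.")
    return out

# Constructed sample response: reflects the probe origin, allows credentials,
# sets a session cookie and omits Vary: Origin.
SAMPLE_RESPONSE = {
    "Access-Control-Allow-Origin": PROBE_ORIGIN,
    "Access-Control-Allow-Credentials": "true",
    "Set-Cookie": "session=constructed; Path=/",
}
if __name__ == "__main__":
    for f in assess_cors(SAMPLE_RESPONSE):
        print(f"[{f['severity']}] {f['check']}: {f['evidence']} -> {f['fix']}")
```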

Cookie hygiene

Secure / HttpOnly / SameSite attributes, scope leakage, and session-cookie posture across subdomains.

Mail-authentication posture

SPF, DKIM, DMARC alignment, MTA-STS publication, and DNS hygiene that drives phishing resistance.

DNS governance

Authority chains, nameserver dispersion, dangling records, and risky CNAME patterns.

Trust & coverage signals

Every report comes with an explicit coverage statement so you know what was checked, what was skipped, and why.

Verified-domain asset discovery

Subscribed teams run bounded subdomain discovery scoped to domains they verified. Results feed inventories and downstream takeover/storage checks—not anonymous public probes.

Takeover & DNS drift awareness

CNAME fingerprints and SaaS banners are sampled passively—no account takeover attempts, ever.

Storage inventory signals

When enabled, ExposureGrid probes only bucket/host candidates derived from your verified domains and records listing indicators and redacted snippets, never full objects.

Principles

How ExposureGrid thinks about external scanning

Honest about scope

ExposureGrid is an external posture scanner. It complements penetration testing, code review, runtime monitoring, and formal compliance programs. It doesn't replace any of them.

Evidence first

Every finding ships with the raw evidence we observed (headers, certificate fields, DNS responses) so you can verify, hand off, or contest a result.

Safe by default

We use lightweight, externally observable checks. No payloads, no fuzzing, no credential testing, no destructive probes.

For small teams

ExposureGrid is opinionated so you don't need a security team to act on findings. Each finding is written for the developer or admin who'll fix it.

Want to see how findings render? Run a free public scan →

Add a domain. See what's exposed today.

Run a one-off public scan, or create a free account to keep monitoring continuously.