Comprehensive DNS, SSL, port scanning, email authentication & security headers analysis across 16 modules. Zero signup required.
This domain scanner runs five security checks against any domain in seconds. No login. No credentials. Nothing installed.
The email authentication record that tells receiving servers what to do with messages that fail verification. A missing or permissive DMARC policy (p=none) means your domain can be spoofed. Insurers flag it immediately.
Sender Policy Framework lists which mail servers are authorized to send email on behalf of your domain. An absent or broken SPF record is an open door for phishing.
Validates your mail exchange configuration and checks for common misconfigs that expose your email infrastructure.
Checks validity, expiration date, and whether the cert covers all relevant subdomains. An expired or misconfigured SSL cert signals neglect and gets you flagged in compliance audits.
Scans for headers like Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options. Missing headers are the low-hanging fruit attackers and auditors both look for first.
Flags exposed services that do not belong on a public-facing domain. An open admin port is the equivalent of leaving a fire door propped open.
Email spoofing, phishing, and brand impersonation all start with a weak domain configuration. If your DMARC policy is set to p=none, anyone can send email that appears to come from your domain, and your mail server will accept it without flagging it.
Cyber insurers know this. Before they quote you, they run your domain through tools like BitSight and SecurityScorecard. A p=none DMARC policy, expired SSL cert, or open admin port will raise your premium, sometimes significantly.
This domain analyzer gives you the same visibility before the audit. Fix the problems first. Then let the insurer scan. The same logic applies to compliance: SOC 2, ISO 27001, and most cyber insurance underwriting frameworks check the exact controls this tool surfaces.
Scores run from 0 to 100. Here is what each range means:
The single fastest fix to move your score: set your DMARC policy from p=none to p=quarantine. It takes one DNS record change and typically moves the needle 10–20 points. The second fastest: add a Strict-Transport-Security header to your web server config.
Managing multiple client domains? Use the ComplianceLayer API to scan all of them programmatically. One API call per domain, consistent results, no browser required.
curl "https://compliancelayer.net/v1/scan?domain=clientdomain.com" \ -H "Authorization: Bearer YOUR_API_KEY"
Build a script, pipe the results into a dashboard, and monitor every client domain on a schedule. See the API documentation for full response schema, rate limits, and authentication.