30+ checks, full transparency

Every check, every signal, explained in plain English.

We don't believe in black boxes. Here is every security signal we run against your domains, inboxes, and websites — and what each one means for your business.

Email security

The #1 attack vector for SMEs — and the first thing a security-literate buyer asks about.

  • SPF record validation

    Parses the v=spf1 record, detects the permissive +all mechanism, and warns on DNS lookup limits.

  • DMARC policy monitoring

    Alerts if p=none or missing; tracks changes over time.

  • DKIM selector probing

    Checks common selectors (default, google, mail, selector1) for active keys.

  • MX + STARTTLS

    Ensures mail servers support transport-layer encryption.

  • Email blacklist check

    Queries MXToolbox reputation sources.

SSL / TLS

Downtime from an expired cert is embarrassing and expensive. We prevent both.

  • Certificate expiry countdown

    90/60/30/7/1-day warnings. Critical alert if <7 days.

  • Cipher strength + TLS version

    Flags TLS 1.0/1.1, weak ciphers, insecure negotiation.

  • Chain validation

    Detects missing intermediate certs and mismatched SANs.

  • HTTP → HTTPS redirect

    Ensures plain-HTTP requests are redirected to HTTPS so all traffic is encrypted in transit.

  • Mixed content

    Detects http:// resources loaded on https:// pages.

Security headers

Standard hardening that most SMEs skip because their hosting provider doesn't set defaults.

  • HSTS

    Checks for Strict-Transport-Security with a max-age of at least 15,552,000 seconds.

  • X-Frame-Options

    Prevents clickjacking via iframe embedding.

  • Content-Security-Policy

    Validates CSP exists and is not overly permissive.

  • X-Content-Type-Options / Referrer-Policy / Permissions-Policy

    Standard browser hardening.

  • Server version disclosure

    Flags Server: nginx/1.x or Apache/2.x headers.

Exposed paths

The embarrassing stuff: config files, backups, database dumps sitting in web roots.

  • .git / .env exposure

    Probes common paths; critical finding if response contains secrets.

  • phpinfo() / admin panels

    Detects /wp-admin, /admin, /phpmyadmin, /info.php.

  • Backup artefacts

    .sql, .tar.gz, .zip, .bak files in root or common paths.

  • Directory listing

    Detects Apache/nginx autoindex enabled.

Brand protection

Someone registered yourbank-login.com three days ago. You should know now, not after a phishing campaign.

  • Typosquatting detection

    dnstwist-based permutations: character swap, homoglyph, hyphenation, TLD swap.

  • Domain risk scoring

    Weights MX, SSL age, website content similarity, WHOIS age.

  • CT log monitoring

    Daily crt.sh polling for new cert issuances mentioning your brand.

  • Defensive portfolio

    Namecheap-powered buy links for critical typosquats.

WordPress + Magento

80% of SME breaches start in a CMS. We monitor both continuously.

  • WP / Magento version + plugin CVE scan

    Cross-references wpvulnerability.com + OSV.

  • Magecart skimmer detection

    Hashes payment-page scripts and flags unauthorised injections.

  • Third-party script audit

    Inventory of every external JS; alerts on new additions.

  • PCI DSS basic controls

    Automated checks against the PCI SAQ A-EP control set.