Vitki · security scan

Find out how exposed your site really is. Results emailed in 1–3 minutes

One scan of your homepage. We check HTTP security headers, TLS certificate strength, DNS email-spoofing records (SPF and DMARC), server version disclosure, and publicly reachable sensitive paths. Letter grade and top issues, by email. No phone call, no upsell drip.

The homepage is enough. We scan one page on the quick scan.

We send the report once. No marketing list, no drip campaign.

Scan typically completes in 1–3 minutes

What you get

  • Security grade A–F. Graded on HTTP headers, TLS strength, DNS records, and information exposure.
  • HTTP security headers. HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy — each individually assessed.
  • TLS certificate check. Protocol version, cipher strength, certificate expiry, and whether auto-renewal is likely in place.
  • HTTPS redirect. Whether HTTP traffic is properly redirected to HTTPS, preventing session interception.
  • DNS email security. SPF and DMARC record presence and policy — the records that prevent email spoofing of your domain.
  • Server disclosure. Whether the Server or X-Powered-By headers expose your exact software versions to attackers.
  • Information leak detection. Checks for publicly reachable sensitive paths like .env, .git, and admin panels.
  • Actionable fix suggestions. Every finding comes with a plain-English remediation step.

Want help fixing these?

The quick scan covers your homepage and publicly observable configurations. A full security assessment includes penetration testing, authenticated scanning, and manual review of server configuration, application logic, and access controls.

Vitki Forge offers authorized security engagements — header hardening, TLS configuration, CSP implementation, and ongoing monitoring.

All scans

Every scan runs the full suite. The entry point determines which grade leads your report.

Legal Risk ADA, Unruh, CIPA, GDPR compliance — the statutes that drive web lawsuits SEO Health Meta tags, structured data, heading hierarchy, sitemap, internal links Performance Core Web Vitals, render-blocking resources, image optimization, caching Security HTTP headers, TLS certificate, DNS email spoofing, server disclosure

Disclaimer. This is an automated, non-invasive security scan. It checks HTTP headers, TLS configuration, DNS records, and publicly reachable paths. It does NOT perform penetration testing, fuzzing, or active exploitation. Results reflect a single point in time. For a comprehensive security assessment, engage a qualified security professional with written authorization.