Free · No Login · No Backend

Security Posture
Self-Assessment

A two-part forensic scan: live DNS-over-HTTPS lookups of your email authentication, plus a guided questionnaire on the controls a scan can't see. We compute a scored dossier — entirely in your browser. Nothing is stored, submitted, or shared.

Part 01Live Domain Scan

Email & DNS Posture

Enter your business domain. We run live DNS lookups straight from your browser (nothing is stored or sent to a server) and grade how well your domain is protected against email spoofing.

Client-side · Cloudflare / Google DoH · No data stored

Part 02Guided Questionnaire

Controls We Can't See

0/8 answered

Eight questions on the protections a DNS scan can't see from the outside. Answer honestly. Nothing here leaves your browser.

  1. 01Is multi-factor authentication (MFA) enforced for all users?Especially email, VPN, and admin consoles.
  2. 02Does the team use a managed password manager?A shared, audited vault beats reused or spreadsheet-stored passwords.
  3. 03How often is privileged / admin access reviewed?Stale admin accounts are a top breach vector.
  4. 04Do endpoints run managed detection & response (EDR/MDR)?Beyond consumer antivirus — monitored, with response capability.
  5. 05What is your patch / update cadence?Unpatched systems are the most common ransomware entry point.
  6. 06Do you have tested backups following 3-2-1?3 copies, 2 media, 1 offsite — and restores actually verified.
  7. 07Is there a written incident-response plan?Who to call, what to do, in what order — before an incident.
  8. 08Do staff get regular security-awareness training?Including phishing simulations.
Generate Report

0 of 8 questions answered. To stay honest, anything you skip is scored as the weakest option.