Check HTTP security headers, SSL certificates, DMARC records, and exposed sensitive files. Get an actionable security grade in seconds — no login required.
HTTP security headers · SSL/TLS certificate validity · DMARC DNS record · Exposed .env and .git/config files
Passing checks earn points toward 100. Critical failures trigger automatic F regardless of other results.
Only scan systems you own or are explicitly authorised to test. Passive observation only.
Christian Oguine · CEH Certified · Cybersecurity & Full-Stack Developer · Ghent, Belgium
Scanning in progress
Running header, SSL, DMARC, and file exposure checks in parallel...
Something went wrong
Findings
Four categories of surface-level security checks run in parallel on every scan.
Checks for CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and technology disclosure headers.
Verifies the certificate is valid and checks how many days remain before expiry.
Checks for a DMARC record and evaluates the policy strength against email spoofing.
Attempts to access /.env and /.git/config — files that should never be publicly reachable.
Other things built by Christian Oguine.
Production-deployed authentication and authorisation API. JWT, sessions, RBAC, audit logging, Zero Trust infrastructure with Netbird WireGuard, and Wazuh SIEM with MITRE ATT&CK mapping.
Full retrieval-augmented generation engine built from scratch. Powers the AI assistant on my portfolio site. OpenAI embeddings, pgvector, GPT-4o-mini, streaming SSE, multilingual detection.
Automated web security scanner. HTTP headers, SSL, DMARC, exposed files. Weighted scoring, grade A to F, PostgreSQL persistence via Drizzle ORM. Open source.