DNS & Infrastructure
Resolution, NS/MX, CAA, DNSSEC hints, IPv6 posture, CDN guesses, and authoritative context—aligned to the DNS score band.
Read-only checks
Free · No account
Perimeter
Domain Posture Scanner
Your public footprint · one report
See How Your Domain Looks to the Internet
Perimeter runs read-only checks across DNS, certificates, HTTP security, email authentication, technologies, and exposure—then turns what we find into a scored, shareable report you can export or print.
- Clarity — section scores and an overall posture label
- Evidence — prioritized findings with context and next steps
- Deliverables — PDF, JSON, CSV, and print-friendly HTML
Run a scan
Enter a domain you own or are authorized to assess. Most scans finish in under a minute.
New here? View the sample report to explore the layout before you scan.
How Perimeter Fits
Compare what you get here with a manual checklist or a full penetration test—so you know what to expect before you run a scan.
| Perimeter | Manual checklist | Full pen test | |
|---|---|---|---|
| What it is | Automated read-only scan and scored report | You run tools yourself (dig, OpenSSL, browser, spreadsheets) | Scoped engagement with specialists and tooling |
| Depth | Broad coverage: public DNS, TLS, HTTP headers, mail DNS, fingerprints, exposure hints | As deep as your time and consistency allow | Deep on agreed scope; may include app logic and auth |
| Exploitation / intrusive tests | No — discovery only, no exploitation | Your choice | Often includes validation and exploitation |
| Typical time | Under a minute | Hours to days | Days to weeks |
| Best for | Baseline posture, triage, and stakeholder-ready exports | Learning and one-off audits | Pre-release assurance, compliance, high-risk apps |
19
Total Scans
13
Scans Today
9
Major Areas Scored
∞
Exports Per Report
0
Exploits or intrusive tests
What We Analyze
Nine weighted areas feed your scorecard: DNS, registration (RDAP), public website behavior, TLS, HTTP headers, email authentication, technology fingerprinting, exposure, and compliance & transparency. Checks run in sequence; you get one combined report.
Registration (RDAP)
Registrar, registration and expiry dates from RDAP where the TLD exposes them—separate from pure DNS answers.
Website & Reachability
HTTPS surface, redirects, compression hints, tracking/script signals, and well-known paths such as security.txt—how the site presents to visitors.
TLS & Certificates
Handshake review, expiry and chain signals, protocol probes, and Certificate Transparency name sampling.
HTTP & Headers
Security headers (HSTS, CSP, framing, referrer policy) and transport behavior on your HTTPS surface.
Email Authentication
SPF, DMARC, DKIM selectors, MTA-STS/TLS-RPT hints, BIMI and DANE notes where DNS supports them.
Technology & Components
Front-end and CMS fingerprinting with optional version intel—so you can spot outdated dependencies faster.
Exposure & Privacy
Cookie/consent hints, mixed content and forms, surface discovery—high-level signals beyond a single homepage.
Compliance & Transparency
security.txt and related transparency checks, robots/sitemap signals, and policy-oriented findings where we can infer them passively.
Deliverables
Each scan gets a link you can share with your team. Export in the format that fits your workflow.
- PDF Executive-friendly layout
- JSON Automation & archiving
- CSV Findings in spreadsheets
- Print Browser print stylesheet
How It Works
-
Enter a domainChoose full or partial coverage.
-
We gather public signalsRead-only checks—no passwords or exploits.
-
Review your reportScores, findings, and exports in one place.
Built For Responsible Use
Perimeter is for domains you own or are explicitly authorized to assess. We don’t run exploits, guess credentials, or perform aggressive port scans. Fair-use rate limits keep the service healthy; your report stays tied to this browser session.
- No account wall
- Weighted severity scoring
- Session-scoped reports