Sample report — fictional domain, real report structure. This is exactly what you receive after your scan.
Overall Risk Level
Domain: demo-corp.example
Overall risk: MEDIUM (score 25 out of 100). Findings: 1 MEDIUM, 4 LOW, 3 INFO.
Security Posture Summary

| Area | Status |
|---|---|
| Email Security | Review |
| TLS | Strong |
| DNS Health | Strong |
| Web Hardening | Review |
| Port Exposure | Review |
Key Findings
- No DMARC record found. Without DMARC, email receivers cannot take action on SPF/DKIM failures, and attackers can send email that appears to come from your domain.
- Missing security header: Strict-Transport-Security. HSTS tells browsers to always use HTTPS for your domain, preventing SSL stripping attacks and accidental insecure connections.
- Missing security header: Content-Security-Policy. CSP restricts which resources the browser loads, mitigating cross-site scripting (XSS) and data injection attacks.
- Missing security header: X-Frame-Options. This header prevents your site from being embedded in iframes on other domains, blocking clickjacking attacks.
- Missing security header: X-Content-Type-Options. This header instructs browsers not to sniff the MIME type, preventing a class of attacks that exploit type confusion.
Observations
Informational. These do not affect the risk score.
- Missing security header: Referrer-Policy. Controls how much referrer information is included with requests.
- Missing security header: Permissions-Policy. Controls browser feature access (camera, microphone, etc.).
- Email provider: Google Workspace detected. MX records indicate that Google Workspace (Gmail) handles email for this domain. This is an informational observation.
Remediation Steps
1. Publish a DMARC record: `_dmarc TXT v=DMARC1; p=reject; rua=mailto:dmarc@demo-corp.example`
2. Add header: `Strict-Transport-Security: max-age=31536000; includeSubDomains`
3. Define a Content-Security-Policy appropriate for your application.
4. Add header: `X-Frame-Options: DENY` or `SAMEORIGIN`
5. Add header: `X-Content-Type-Options: nosniff`
6. Add header: `Referrer-Policy: strict-origin-when-cross-origin`
7. Add a Permissions-Policy header to restrict unnecessary browser APIs (camera, microphone, geolocation).
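The following script is an added example, not part of the SurfaceSentinel report or its scanner: it checks a DMARC TXT record and a set of HTTP response headers against the seven remediation steps above, so the fix can be verified before a re-scan. The "before" and "after" inputs are constructed to mirror the sample report's findings and a hypothetical fully remediated state; the pass criteria (a one-year HSTS `max-age`, an enforcing `p=` policy, a `rua=` address) are assumptions chosen to match the steps, not thresholds the report states.

```python
"""Audit a DMARC record and response headers against the remediation list.

Added example (not the report's own code). Sample inputs below are constructed.
"""
from __future__ import annotations

import re

# Assumed pass criteria, chosen to match the remediation steps above.
MIN_HSTS_MAX_AGE = 31536000  # one year, as in remediation step 2
REQUIRED_HEADERS = (
    "Strict-Transport-Security",
    "Content-Security-Policy",
    "X-Frame-Options",
    "X-Content-Type-Options",
    "Referrer-Policy",
    "Permissions-Policy",
)


def parse_dmarc(txt: str | None) -> dict[str, str]:
    """Parse 'v=DMARC1; p=reject; rua=mailto:...' into a tag -> value mapping."""
    if not txt:
        return {}
    tags: dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_dmarc(txt: str | None) -> list[str]:
    """Return a list of DMARC problems; an empty list means the record passes."""
    tags = parse_dmarc(txt)
    if tags.get("v") != "DMARC1":
        return ["No DMARC record found"]
    issues = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        issues.append(f"DMARC policy '{policy or 'none'}' does not act on failures")
    if "rua" not in tags:
        issues.append("DMARC record has no rua= aggregate reporting address")
    return issues


def audit_headers(headers: dict[str, str]) -> list[str]:
    """Return missing or weakly configured security headers."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}
    issues = [f"Missing security header: {n}" for n in REQUIRED_HEADERS if n.lower() not in h]
    hsts = h.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        if not m or int(m.group(1)) < MIN_HSTS_MAX_AGE:
            issues.append("HSTS max-age below one year")
    if "x-frame-options" in h:
        xfo = h["x-frame-options"].strip().upper()
        if xfo not in ("DENY", "SAMEORIGIN"):
            issues.append(f"X-Frame-Options value '{xfo}' is not DENY or SAMEORIGIN")
    if "x-content-type-options" in h and h["x-content-type-options"].strip().lower() != "nosniff":
        issues.append("X-Content-Type-Options is not 'nosniff'")
    return issues


def audit(dmarc_txt: str | None, headers: dict[str, str]) -> list[str]:
    """Combined DMARC and header audit; empty list means all steps are in place."""
    return audit_dmarc(dmarc_txt) + audit_headers(headers)


# Constructed sample: the report's "before" state (no DMARC, no security headers).
BEFORE_DMARC = None
BEFORE_HEADERS = {"Content-Type": "text/html", "Server": "nginx"}

# Constructed sample: a hypothetical state after applying all seven steps.
AFTER_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@demo-corp.example"
AFTER_HEADERS = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
}

if __name__ == "__main__":
    for label, dmarc, hdrs in (("before", BEFORE_DMARC, BEFORE_HEADERS),
                               ("after", AFTER_DMARC, AFTER_HEADERS)):
        found = audit(dmarc, hdrs)
        print(f"{label}: {len(found)} issue(s)")
        for issue in found:
            print("  -", issue)
```

Run against the "before" input it reports the DMARC gap plus the six missing headers; against the "after" input it reports nothing. To use it on a live host, feed it the TXT record returned for `_dmarc.<domain>` and the header mapping from a real HTTPS response.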
Technical Details
Email Security

| Check | Result |
|---|---|
| SPF Present | ✅ Yes |
| SPF Record | v=spf1 include:_spf.google.com ~all |
| DMARC Present | ❌ No |
| DMARC Policy | — |
| DMARC Record | — |
| DKIM | ✅ Detected |
TLS Certificate

| Check | Result |
|---|---|
| Connected | ✅ Yes |
| Issuer | Let's Encrypt |
| Subject | demo-corp.example |
| Expires | 2026-09-15T00:00:00Z |
| Days Remaining | 186 |
| Hostname Match | ✅ Yes |
| TLS Version | TLSv1.3 |
Security Headers

| Header | Status |
|---|---|
| Strict-Transport-Security | ❌ Missing |
| Content-Security-Policy | ❌ Missing |
| X-Frame-Options | ❌ Missing |
| X-Content-Type-Options | ❌ Missing |
| Referrer-Policy | ❌ Missing |
| Permissions-Policy | ❌ Missing |
Port Exposure

| Port | Status |
|---|---|
| Port 80 (HTTP) | 🔓 Open |
| Port 443 (HTTPS) | 🔓 Open |
| Port 25 (SMTP) | 🔒 Closed |
| Port 465 (SMTPS) | 🔒 Closed |
| Port 587 (SMTP/STARTTLS) | 🔒 Closed |
| Port 8080 (HTTP-alt) | 🔒 Closed |
| Port 8443 (HTTPS-alt) | 🔒 Closed |
DNS Records

| Record Type | Value |
|---|---|
| A Records | 203.0.113.42, 203.0.113.91 |
| AAAA Records | none |
| MX Records | 10 aspmx.l.google.com., 20 alt1.aspmx.l.google.com. |
| Nameservers | ns1.registrar-dns.com., ns2.registrar-dns.com. |
WHOIS / Domain Info

| Field | Value |
|---|---|
| Registrar | NameCheap, Inc. |
| Created | 2021-04-12 |
| Expires | 2027-04-12 |
| Domain Age | 1431 days |
Scope & Limitations: This report reflects publicly observable signals at the time of the scan. It does not assess internal systems, application code, authentication mechanisms, or infrastructure configuration. DKIM detection is best-effort only. WHOIS data accuracy depends on registrar cooperation. Port checks use short timeouts and may miss firewalled services.
SurfaceSentinel — External Security Posture Review
Sample report — demo-corp.example • fictional data for illustration