SecurityStatus.io is a domain security assessment and external attack surface monitoring platform that evaluates the internet-visible security posture of websites and domains. It is designed for security teams, IT and DevOps teams, and agencies that need an external view of domain configuration and exposure without installing agents on scanned systems.
SecurityStatus.io runs 40 automated checks grouped into four categories and summarises results as a 100-point score or letter grade (A+ to F), with category-level scoring showing how each area contributes to the overall grade. The four check categories are:
Encryption and SSL – certificate validity and expiry, TLS protocol and cipher configuration, certificate transparency signals, HTTPS redirect behaviour, and SSL coverage across common subdomains
DNS and Email Security – domain and email controls including SPF, DKIM, DMARC, MTA-STS, TLS reporting records, BIMI, DNSSEC, and CAA records
Headers and Web App – HTTP security headers and related browser-facing configuration signals
Infrastructure and Intelligence – open ports, subdomain takeover indicators, CVE exposure signals, exposed secrets, and dark web exposure monitoring
Scans are initiated by entering a domain name and evaluating publicly accessible information. Results are presented as category scores and issue-level findings grouped by severity, with remediation guidance provided so teams can address specific gaps and verify fixes by rescanning.
The platform supports repeat scans and scan history for tracking changes over time. Additional capabilities include scheduled scans, email alerts on findings, PDF security reports, and an embeddable security status widget.
Common use cases include baseline assessments during onboarding, periodic external security reviews, verification after DNS, hosting, certificate, or application changes, and producing evidence for security questionnaires and audit requests that depend on externally verifiable configuration checks.
