SecObs
Sign in Scan free
Features Pricing How it works About Sign in Scan your site free
Features

Everything you need to see — nothing you don't.

Start agentless with the free website scanner. Add the lightweight monitoring agent on your own servers when you're ready to watch your infrastructure too.

Agentless · free

Website Scanner

Enter a URL and get a security grade in seconds. Every check is passive — the same things a browser does on a normal request, plus public DNS lookups. Nothing to install, no ownership proof required.

  • A–F grade — scored by severity, not a wall of jargon.
  • Plain-English fixes — each finding comes with what's wrong, why it matters, and how to fix it.
  • Prioritized — critical and high-severity issues surface first.
What the scanner checks

Six passive checks, no probing.

All non-intrusive. Active checks like port scanning come later — only after domain-ownership verification.

SSL/TLS certificate

Validity, expiry, issuer, and protocol version. Flags expired, soon-to-expire, or deprecated TLS.

HTTP security headers

HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy.

Cookie flags

Checks each cookie for the Secure, HttpOnly, and SameSite flags.

CMS & version

Detects WordPress, Joomla, Drupal, Shopify and more — and flags exposed software versions.

HTTP → HTTPS redirect

Confirms plain HTTP requests are redirected to HTTPS so traffic can't be intercepted.

Email security

Looks up SPF and DMARC records via public DNS to flag spoofing and phishing risk.

Optional agent · self-hosted

Infrastructure Monitoring

A lightweight agent you install on your own servers, with your consent. It reports system metrics so you can see what "normal" looks like — and spot when something isn't.

  • CPU, memory & network tracked over time on a live dashboard.
  • Per-host view — add as many servers as you run.
  • You stay in control — the agent runs on your infrastructure, on your terms.
On the agent

Security Detections

Metrics tell you what's running. Detections tell you when something's wrong. The agent watches for the events that actually matter on a small-business server.

  • Suspicious ports — unexpected services listening for connections.
  • Suspicious outbound connections — traffic leaving your box to somewhere it shouldn't.
  • Offensive-tool processes — known attacker tooling running on the host.
  • Failed-login bursts — brute-force attempts against your services.
On the dashboard

Live Threat Map

Your security alerts and threat-intel hits are geolocated onto a live world map, so you can see at a glance where the traffic hitting your infrastructure is coming from.

  • Real attackers from your own security alerts, plotted by origin.
  • Threat-intel overlay — known malicious IPs from indicator feeds.
  • Ranked by volume — the loudest sources rise to the top.

See your grade first.

The scanner is free and takes about 15 seconds. Add monitoring whenever you're ready.

Scan your site free See pricing