Anonymous, aggregate scan data

The weak spots we find most often

These are the security, email, accessibility and SEO issues we look for and find most across public websites. The same checks a pentester runs first. Your site probably has a few of them. Find out for free.

No account needed. We only scan your public homepage · see everything we check

13

recurring issue types on this page, from a leaking version banner to a missing anti-spoofing record.

Straight from our real check catalogue.

01 · Most common

The issues almost every site gets wrong.

Ranked by how often we see them. Most are a one-line fix, and each one is a door left ajar until it is closed.

02 · Most critical

The ones worth fixing this week.

Higher-impact findings: an expired or invalid certificate, no HTTPS, or a domain anyone can spoof email from. These are the ones an attacker looks for first.

  • Security serious

    No HTTPS

    Without HTTPS all traffic is readable and modifiable in transit.

  • Security critical

    Invalid TLS certificate

    A certificate that is expired, self-signed or issued for a different hostname makes browsers block the site with a security warning.

  • Security serious

    TLS certificate expiring soon

    An expired certificate makes browsers show a full-page security warning and blocks every visitor until it is renewed.

  • Email security serious

    Missing SPF record

    SPF tells receiving mail servers which servers may send on behalf of your domain; without SPF anyone can spoof your domain.

  • Email security serious

    Missing DMARC record

    DMARC decides what receivers do with mail that fails SPF/DKIM, and gives you reports about abuse.

  • Security serious

    Missing HSTS header

    Strict-Transport-Security forces browsers to always reach the site over HTTPS, which protects against downgrade attacks.

03 · Where these numbers come from

Aggregate, anonymized, never a single site named.

Anonymous

Counts only, no sites

We only ever count how many scans raised a given check. No site, URL or scan result is ever shown here, and a finding is only listed once it appears across enough different sites to stay anonymous.

In the Netherlands

Your data stays put

All scan results live on our own private server in the Netherlands. No third-party analytics, no tracking, and we never sell data. See our privacy & data page.

Straight from the scanner

The same checks you get

Every issue above is a real check from our catalogue, described exactly as it would appear in your own report. See every check we run →

Your turn

See which of these are on your site.

A free scan checks your homepage against this whole catalogue in under a minute. No account needed. Verify your domains and Radar keeps watching them every month.

Free scan, no account needed
Free to start Anonymized insights Built by a pentester