[SYS // TOOL] Perimeter Health-Check

Free Website Security Check

DNS records, open ports, TLS certificate validity, and HTTP security headers — checked against NIS2 Annex II perimeter controls and returned in plain English.

What does a perimeter scan check?

DNS

Verifies SPF, DMARC, and DKIM records. Missing or permissive email-authentication policies are among the most exploited attack vectors — they enable domain spoofing, phishing, and business-email compromise at scale.

Port scan

Checks whether management interfaces (SSH, RDP, admin panels) are reachable from the public internet. Exposed ports that should be internal are a direct path for automated brute-force and exploitation.

TLS / Certificate

Validates your certificate chain, expiry date, and protocol version. Expired or self-signed certificates destroy user trust and break modern browser policies. Weak TLS versions (TLS 1.0/1.1) are deprecated and exploitable.

HTTP headers

Checks for Content-Security-Policy, HSTS, X-Frame-Options, X-Content-Type-Options, and Permissions-Policy. These headers instruct browsers how to handle your content and prevent a class of client-side attacks including XSS and clickjacking.

Together these four probes form a quick but meaningful snapshot of your domain's public attack surface. They do not replace a full penetration test, but they surface the most common misconfigurations that automated bots scan for every hour of every day.

Each finding is mapped to a severity level — critical, high, medium, or low — so you know where to focus your remediation effort first. Critical findings typically mean an attacker can actively misuse your domain or intercept traffic today.
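As an added example (not the scanner's own code), this sketch shows how the SPF and DMARC part of the DNS probe described above could grade records into the four severity levels. It works on TXT strings that have already been fetched; the function name, the sample records and the severity given to each condition are assumptions of this example, and DKIM is left out because checking it requires knowing the selector.

```python
SEVERITY = ["critical", "high", "medium", "low"]  # the page's four levels

def audit_email_auth(apex_txt, dmarc_txt):
    """Grade SPF/DMARC TXT strings that were already fetched (no DNS I/O here).
    The severity chosen for each condition is this example's assumption."""
    findings = []
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        findings.append(("high", "no SPF record"))
    elif len(spf) > 1:
        findings.append(("high", "multiple SPF records: evaluation returns permerror"))
    else:
        terms = spf[0].lower().split()[1:]
        alls = [t for t in terms if t.lstrip("+-~?") == "all"]
        if alls:
            # A bare "all" carries the default "+" qualifier.
            qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"
            if qualifier == "+":
                findings.append(("critical", "SPF +all authorises every sender"))
            elif qualifier == "?":
                findings.append(("medium", "SPF ?all is neutral, nothing is rejected"))
        elif not any(t.startswith("redirect=") for t in terms):
            findings.append(("medium", "SPF has no all term, unmatched senders are neutral"))
    dmarc = [r for r in dmarc_txt if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if not dmarc:
        findings.append(("high", "no DMARC record"))
    else:
        tags = {}
        for part in dmarc[0].split(";"):
            key, sep, value = part.partition("=")
            if sep:
                tags[key.strip().lower()] = value.strip().lower()
        if tags.get("p") not in ("quarantine", "reject"):
            findings.append(("medium", "DMARC policy is not enforcing (p=none or absent)"))
        elif tags.get("pct", "100") != "100":
            findings.append(("low", "DMARC pct below 100: policy applied to a sample only"))
    return sorted(findings, key=lambda f: SEVERITY.index(f[0]))

# Constructed sample records, not results for any real domain.
PERMISSIVE = (["v=spf1 include:_spf.example.net +all"],
              ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"])
STRICT = (["v=spf1 mx -all"], ["v=DMARC1; p=reject"])

if __name__ == "__main__":
    for name, (apex, dm) in (("permissive", PERMISSIVE), ("strict", STRICT)):
        print(name, audit_email_auth(apex, dm))
```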

How my site scores

A real scan of peternurmi.com — not cherry-picked.

Static · 30 Jun 2026
[SCAN // PETERNURMI.COM] completed

Target: peternurmi.com
Score: Needs work
Coverage: 4/4
Scanned: 30 Jun 2026

Probe results

DNS: PASS
Port scan: PASS
TLS / Certificate: PASS
HTTP headers: PASS

Findings: 1 critical

CRITICAL: Alternate HTTP management port exposed to the internet

Check your domain

Enter any domain you own or have permission to test.

[SCANNER // ON-DEMAND]

Only scan domains you own or have explicit permission to test. Scans take 60–120 seconds.

Frequently asked questions

What does the scanner check?

It runs four probe types against your domain: DNS record health (SPF, DMARC, DKIM), open port exposure, TLS/certificate validity, and HTTP response-header security (CSP, HSTS, X-Frame-Options, and more). Each probe maps to NIS2 Annex II perimeter controls.

How long does a scan take?

Most scans complete in 60–90 seconds. The scanner contacts your live infrastructure in real time — there is no cache. You will see a live progress indicator while it runs.

Is the scan passive or intrusive?

Passive. The scanner only queries publicly visible services (DNS resolvers, TCP handshakes, TLS negotiation, plain HTTP HEAD requests). It does not attempt exploits, credential stuffing, or fuzzing.

What data is stored?

Nothing about your domain is persisted. Only a global scan counter is incremented to show total community usage. Your findings are returned directly to your browser and never logged.

Can I scan any domain?

You may only scan domains you own or have explicit written permission to test. Scanning third-party infrastructure without permission may violate the Computer Fraud and Abuse Act (CFAA), the UK Computer Misuse Act, or equivalent local laws.

Why are there critical findings on your own site?

That is a real scan of peternurmi.com taken on 17 June 2026. The findings are genuine — it is a developer portfolio, not a production service, so hardening was deprioritised. The page exists partly as honest documentation of what the tool finds.

[LEGAL // SCOPE]

This tool performs passive, non-intrusive checks against publicly reachable infrastructure only. It does not attempt authentication, exploit vulnerabilities, or store any scan results. Only scan domains you own or have explicit written permission to test. Unauthorised scanning of third-party systems may violate applicable computer-fraud and cybercrime laws including the CFAA (US), the Computer Misuse Act 1990 (UK), and equivalent legislation in your jurisdiction. The tool is provided “as is” with no warranty of completeness or fitness for a particular purpose. Results do not constitute legal or security advice.