Run a comprehensive security audit across SSL, DNS, DMARC, SPF, CVEs, breaches, and more — in one scan. Get your 0-100 security score instantly.
What Does This Health Check Cover?
Our free domain health check runs all nine security checks in parallel to give you a comprehensive audit in under 30 seconds.
-
🔒
SSL / TLS Certificate — Validates your certificate chain, checks expiry dates, and detects misconfigured certificates.
-
📧
SPF Record — Verifies your SPF record exists and is correctly configured to prevent email spoofing.
-
🛡️
DMARC Policy — Checks your DMARC record for enforcement level and alignment settings.
-
🐛
CVE Vulnerabilities — Fingerprints your server stack and checks the NVD and CISA KEV databases.
-
🔍
Data Breach Monitoring — Scans breach databases for compromised credentials associated with your domain.
-
👁️
Lookalike Domain Detection — Identifies typosquat variants that could be used for phishing.
-
📋
WHOIS & Registrar — Snapshots your registrar and nameservers to detect hijacking.
-
🌐
Google Safe Browsing — Checks your domain against malware, phishing, and unwanted software lists.
-
🔗
Subdomain Discovery — Finds subdomains via Certificate Transparency logs.
How We Calculate Your Score
Your domain starts at a perfect score of 100. Each security issue found deducts points based on severity:
Critical issues (expired SSL, known exploited CVEs, active data breaches) carry the highest penalties — up to 25 points each.
Warnings (missing DMARC, SPF softfail, SSL expiring soon) deduct 5-15 points depending on risk level.
Informational findings (best practice recommendations) have minimal or no score impact.
The final score maps to a label: ALL CLEAR (80-100), HEADS UP (50-79), or UNDER THREAT (0-49).
Frequently Asked Questions
What does the domain health score measure?
Your domain health score (0-100) measures your domain's security posture across nine categories: SSL/TLS certificates, DNS email security (SPF, DMARC, DKIM), CVE vulnerabilities, data breaches, lookalike domains, WHOIS changes, Google Safe Browsing status, subdomain exposure, and DNSSEC configuration.
How is the security score calculated?
Your domain starts at 100 and loses points for each security issue found. Each check category carries a weighted penalty based on severity — critical issues like expired SSL or known CVEs have the highest impact. The final score maps to one of three labels: ALL CLEAR (80-100), HEADS UP (50-79), or UNDER THREAT (0-49).
Is the domain health check really free?
Yes, completely free. You can check any domain without creating an account. The free scan runs all nine security checks and shows your top findings. Sign up for a free account to see the full report and set up continuous monitoring.
Can I scan any domain or only ones I own?
You can scan any domain. Our scanner only queries publicly available information — the same data anyone can access via DNS lookups, SSL certificate checks, and public databases. To set up continuous monitoring with alerts, you'll need to verify domain ownership.
How often should I check my domain's health?
We recommend checking at least weekly. SSL certificates can expire unexpectedly, DNS records can be modified, and new vulnerabilities are published daily. For best protection, set up automated monitoring with GuardHound to get instant alerts when your score changes.
Protect your domain 24/7
Stop checking manually. GuardHound runs automated scans daily (or hourly on Pro) and alerts you the moment your security score drops.
Start Free Monitoring →
Explore Individual Security Tools
Learn More About Domain Security