How a scan works
A security checkupfor your website.
Think of a WebHound scan like the security check a hotel does on every door in the building. We look at your website the same way an attacker would — but we only read what's already public. Nothing on your site changes. Nothing breaks. You just learn what's exposed.
What we look at
Six areas. Thousands of checks. One report.
Every scan runs the same complete sweep. You don't have to know what to look for — that's our job.
Where you live online
Like checking the address on your mailbox.
We confirm your domain points where you think it does, that no one has set up a lookalike, and that your SPF / DMARC email records actually protect your inbox.
The lock on your door
Like making sure the deadbolt is rated and not about to fail.
We test your SSL certificate, the encryption it uses, and the protocols your server still accepts. If a browser would refuse to load your site next month, you find out today.
What your site tells the world
Like reading the signs on the outside of the building.
HTTP headers tell every browser how to behave around your site — whether to allow framing, run scripts from external domains, or trust content from your servers. Misconfigured headers are how most clickjacking and XSS attacks succeed.
Who you’re connected to
Like checking who has keys to your office.
Every external script, image host, ad network, and analytics tool you load is a potential entry point. We map every third party your site reaches out to and flag the risky ones.
What you’ve left lying around
Like checking the filing cabinets aren’t unlocked.
Old admin pages, exposed backups, public git folders, and forgotten staging URLs are how breaches usually start. We hunt the obvious doors and the not-so-obvious ones.
How you handle your visitors
Like checking that the consent forms actually work.
Cookies, tracking scripts, and analytics often violate GDPR / CCPA without you knowing. We audit every cookie your site sets and every domain it talks to before consent.
Is this safe to run?
Yes. WebHound is passive— we read the same public information your visitors see. We never log in, never submit forms, never try exploits. It's the difference between reading a sign on a building and trying to pick the lock.
How long does it take?
Most scans finish in under two minutes. Large sites with many pages take a few minutes longer. You can close the tab — we'll email the report when it's done.
For site owners & security teams
Verifying WebHound traffic
WebHound identifies itself honestly on every request — we never spoof a browser or disguise what we are. If you see this User-Agent in your logs, it's us:
WebHoundScanner/1.0 (+https://webhoundsecurity.com/scanner)