Before you renew cyber insurance, scan what underwriters can see.
Carriers increasingly validate public security signals before quoting, renewing, or paying claims. Run a passive Exposure Report first so DMARC, TLS, security-header, and public-footprint issues are visible to you before they are visible to the carrier.
Honest boundary: this is a passive public-surface check. It does not replace your policy questionnaire, internal control evidence, EDR/MFA validation, or carrier-specific underwriting requirements.
Passive, public-surface checks only — no login, no agents, no intrusive testing. Scan domains you own or manage. How scoring works
Find visible renewal risk
Catch public gaps that commonly trigger underwriting follow-up, premium pressure, or remediation requests.
Turn findings into evidence
Keep scan results, remediation notes, and retest proof together before submitting renewal paperwork.
Fix the highest-confidence items first
Prioritize visible DMARC, TLS, and header fixes before broader security-program work.
Email authentication
SPF, DKIM, and DMARC records that reduce spoofing and invoice-fraud exposure.
TLS and HTTPS trust
Certificate validity, redirect hygiene, and browser-visible trust signals.
Security headers
HSTS, CSP, clickjacking, referrer, and content-type controls underwriters and customers can see.
Public footprint
Subdomains, stale DNS/vendor signals, lookalike domains, and public-code exposure indicators.
- Current Exposure Report score and top findings
- Screenshots or exported DNS/TLS/header evidence before changes
- Remediation notes for any HIGH findings that cannot be fixed before renewal
- Retest results after DNS, TLS, or header changes propagate
Need the visible findings fixed before renewal?
Use the free scan first, then route high-confidence DMARC, TLS, and security-header findings into a focused remediation request.