Non-intrusive external scan — no login required

See what's actually happening to your site.

Whether you manage security yourself, rely on your team, or trust an agency — SentrAI shows you what's really exposed, with evidence and exact fixes.

No credit card required. Results in under 60 seconds.

Non-destructive scanning
No exploitation or intrusive testing
Evidence-based findings only

What we actually find.

Real findings from external assessments — explained in terms your business understands.

CRITICAL

Payment security policy not enforced

Your browser-level defence against checkout skimming is in monitoring mode — not active. Injected scripts could capture payment details without browser resistance.

Content-Security-Policy-Report-Only header detected with form-action wildcard

HIGH

Origin server directly accessible

Your actual server IP was discovered through DNS records. Attackers can bypass your CDN and firewall protections entirely by connecting directly.

MX record resolves to origin IP, direct HTTPS returns full site

HIGH

Email domain can be spoofed

Your email authentication (SPF/DMARC) is not enforcing protection. Someone could send emails appearing to come from your business to your customers.

SPF uses soft fail (~all), DMARC set to p=none

CASE STUDY

£10M+ retailer discovered critical security gaps — externally.

A UK e-commerce business with modern infrastructure, CDN protection, and third-party payment gateways assumed they were secure. An external SentrAI assessment proved otherwise.

17 findings identified

0 internal credentials needed

1 config change fixed 60% of issues

CRITICAL

Sensitive configuration exposed

Debug mode revealed internal application structure, API endpoints, infrastructure details, and authentication tokens in cleartext.

CRITICAL

Unrestricted cross-origin requests

Access-Control-Allow-Origin: * meant any external website could make authenticated requests, risking data exfiltration.

CRITICAL

Weak API access controls

Protection relied on a User-Agent header check — easily bypassed, allowing programmatic access to all API endpoints.

HIGH

No rate limiting

Unlimited login attempts and unrestricted API requests exposed the platform to brute-force and credential stuffing attacks.

HIGH

Single point of failure

All services on a single instance with no auto-scaling, no WAF, and high susceptibility to service disruption.

HIGH

Missing security headers

CSP, HSTS, and X-Frame-Options were absent — increasing exposure to XSS, clickjacking, and data injection.

The critical insight

The majority of vulnerabilities were not due to complex exploits — but misconfiguration. Despite using modern tools and infrastructure, the implementation created gaps that were externally visible, exploitable with minimal effort, and had gone unnoticed internally.

“Security is not about having the right tools — it's about knowing what's actually happening in your environment.”

Trusted by businesses who take security seriously.

From e-commerce to SaaS — SentrAI helps teams understand what's really happening.

We thought our site was secure because we had Cloudflare. SentrAI showed us 12 configuration gaps we had no idea about — our agency never flagged any of them.

Operations Director

UK E-Commerce Retailer

Score improved from 34 to 87

The report paid for itself in the first week. We found our payment scripts were loading without integrity checks on every page — not just checkout.

CTO

SaaS Platform

3 critical fixes in 24 hours

I finally have evidence I can show our insurer and clients. Before SentrAI, I had no way to prove we were monitoring our security posture.

Managing Director

Digital Agency

Cyber Essentials evidence in 30 days

How it works.

From URL to actionable intelligence in under 60 seconds.

01

Scan

Enter your domain. In under 60 seconds, you'll know exactly what's exposed — no login, no installation, no technical knowledge needed.

02

Understand

Get security in your language, not developer jargon. Every finding comes with what it means for your business and how confident we are.

03

Act

Send fix instructions directly to your developer, or let us handle remediation. No more guessing whether the right things are getting done.

04

Prove

See your score improve over time. Build a compliance evidence trail. Know — don't hope — that your site is protected.

Simple pricing.

Start free. Upgrade when you need full reports, monitoring, or managed remediation.

Free

£0

One scan to see where you stand.

  • 1 website
  • Limited findings preview
  • Risk score
  • Technology detection

Starter

£79/month

Full reports and weekly monitoring.

  • 1 website
  • Unlimited scans
  • Full findings with evidence
  • PDF report export
  • Email alerts
  • Score tracking

Pro

£299/month

Multiple sites with team access.

  • Up to 10 websites
  • Unlimited scans
  • Before/after comparisons
  • Developer share links
  • Team access
  • Priority support

Need more websites, managed remediation, or a custom plan?

Common questions.