External security assessment — 20+ checks, no login required

Security intelligence
for the modern web.

20+ automated checks in 60 seconds. Evidence-backed findings with business impact and fix instructions — built for teams that ship fast.

No credit card required. Results in under 60 seconds.

20+

Security Checks

< 60s

Scan Time

100+

Fix Templates

OWASP Top 10·PCI DSS v4.0·NCSC Guidance·RFC 7208/7489/9116

20+

Security checks per scan

<60s

Scan time, start to finish

0

Credentials required

Non-intrusive
No exploitation
Evidence-backed
Consistent results every time
OWASP Top 10 alignedPCI DSS v4.0 checksNCSC guidanceUK-registered companyGDPR compliant

How it works

From URL to intelligence
in 60 seconds.

01

Scan

Enter your domain. 14 security checks run in parallel — results in under 60 seconds.

02

Understand

Every finding comes in plain English with business impact and confidence level. No jargon.

03

Act

Numbered fix instructions for your developer, or book a remediation call and we handle it.

04

Prove

Watch your score improve. Get alerts when things change. Build a compliance evidence trail.

Real findings

What our assessments uncover.

Evidence-backed findings with business impact and exact remediation steps. These are real findings from real assessments.

CRITICAL

Payment security policy not enforced

Your browser-level defence against checkout skimming is in monitoring mode — not active. Injected scripts could capture payment details.

$ Content-Security-Policy-Report-Only header detected with form-action wildcard
HIGH

Origin server directly accessible

Your actual server IP was discovered through DNS records. Attackers can bypass your CDN and firewall entirely.

$ MX record resolves to origin IP, direct HTTPS returns full site
HIGH

Email domain can be spoofed

Your email authentication is not enforcing protection. Someone could send emails appearing to come from your business.

$ SPF uses soft fail (~all), DMARC set to p=none
CASE STUDY

£10M+ retailer discovered critical
security gaps — externally.

A UK fashion retailer with Cloudflare, Stripe, and a third-party agency assumed they were secure. A single SentrAI assessment proved otherwise.

17

findings identified

48hrs

to fix all critical issues

1

config change fixed 60% of issues

The majority of vulnerabilities were not complex exploits — they were misconfigurations.

Modern tools and infrastructure don't guarantee security. These gaps were externally visible, exploitable with minimal effort, and had gone unnoticed internally.

“We thought we were secure because we used Cloudflare and Stripe. SentrAI showed us what we were actually exposing.”

— Head of Engineering, UK e-commerce retailer

Comprehensive

14 checks. Every scan.

The same areas a pen tester examines on their first pass — automated.

DNS Records
SSL/TLS
Security Headers
Content Security Policy
Email Authentication
Technology Detection
Third-Party Scripts
Origin Exposure
Cookie & GDPR
CORS Configuration
Attack Surface Recon
External Links
Compliance Signals
Multi-Page Analysis

See what we'd find
on your site.

Free. 60 seconds. No signup required.

Continuous monitoring

Websites change.
Security shouldn't.

A single scan is a snapshot. Continuous monitoring catches the regressions that happen between audits — automatically, every week or every day.

Start monitoring

Deployment regressions

Your developer deploys on Friday. A security header is removed. SentrAI catches it by Monday.

Third-party script changes

A marketing tag is updated. It now loads from a suspicious origin. You get an alert immediately.

Certificate expiry

Your SSL certificate expires in 14 days. You get a warning before your site goes down.

Pricing

Simple pricing.

Start with a free assessment. Upgrade for full reports, continuous monitoring, compliance evidence, and managed remediation.

Save 30% — 2 months free

What's included in every scan

20+ security checks (SSL, DNS, headers, CSP, email auth, CORS, JS supply chain, and more)
Risk score with industry benchmark comparison
Top 3 findings with evidence
Platform detection

Just need to know what's wrong? Get your full security report for £29 — no subscription required.

Free

£0

One scan to see where you stand.

  • 1 website
  • 3 scans per month
  • Limited findings preview
  • Risk score & benchmarks
  • Technology detection
Most popular

Starter

£34/month

£49/monthSave 30%

Full reports, weekly monitoring, and compliance evidence.

  • 1 website
  • Unlimited scans
  • Full findings with evidence & fixes
  • Weekly monitoring & email alerts
  • Monthly compliance PDF
  • Score tracking over time
  • "Fix this for me" requests

Pro

£104/month

£149/monthSave 30%

Multiple sites, daily monitoring, team access.

  • Up to 10 websites
  • Daily monitoring & Slack alerts
  • Before/after fix verification
  • Developer share links
  • Team access
  • Priority processing
  • Monthly compliance PDF

Why SentrAI vs free tools?

Free scanners cover a single angle. SentrAI checks 20+ areas and tells you exactly how to fix every issue.

SecurityHeaders.io

Grades headers only

SentrAI: We check 20+ areas including DNS, email, JS supply chain

SSL Labs

SSL only

SentrAI: We cover the full external attack surface

Mozilla Observatory

Checklist

SentrAI: We give evidence, fix instructions, and continuous monitoring

Need an internal code audit, ongoing security retainer, or managed remediation?

FAQ

Common questions.