Frequently Asked Questions

Everything you need to know about Scanward, our external security scanner, and how domain monitoring works.

About Scanward
What is Scanward?
Scanward is a free external security scanner and attack surface monitoring platform. It continuously monitors your domains across six security dimensions — SSL/TLS certificates, DNS records, HTTP security headers, email authentication (SPF, DKIM, DMARC), uptime, and domain registration expiry — and delivers a single A-F security grade. Built for teams that don't have a SOC.
What is an external security scanner?
An external security scanner checks your internet-facing assets (domains, websites, email servers) from the outside — the same perspective an attacker would have. Unlike internal vulnerability scanners that run inside your network, an external scanner looks for misconfigurations visible to anyone: expired SSL certificates, missing security headers, weak email authentication, DNS issues, and domain registration problems.
How is Scanward different from enterprise EASM tools?
Most external attack surface management (EASM) tools are built for enterprises — they cost $10,000+/year, require sales calls, and need dedicated onboarding. Scanward is self-serve, starts free, and focuses on the security checks that matter most for small teams. No asset discovery across unknown IP ranges — just focused, continuous monitoring of the domains you care about.
Who is Scanward for?
  • Small and medium businesses without a dedicated security team
  • IT managers and sysadmins responsible for domain security
  • Digital agencies managing multiple client domains
  • MSPs (Managed Service Providers) who need lightweight external monitoring alongside their RMM tools
What Scanward Monitors
What does Scanward scan?
Scanward runs six scanners on every domain:
  • SSL/TLS — certificate validity, expiry, TLS version, cipher strength (try it free)
  • DNS — A, AAAA, MX, NS, TXT, CNAME records, DNSSEC, dangling CNAMEs, zone transfers (try it free)
  • HTTP Security HeadersHSTS, CSP, X-Frame-Options, X-Content-Type-Options, Permissions-Policy, Referrer-Policy (try it free)
  • Email AuthenticationSPF, DKIM, DMARC records and configuration
  • Uptime — HTTPS reachability monitoring
  • Domain Registrationexpiry date, registrar lock status, registrar info via RDAP/WHOIS (try it free)
What is an A-F security grade?
Scanward scores each of the six security dimensions from 0-100, then combines them into an overall grade from A (excellent) to F (critical issues). The scoring weights issues by severity — an expired SSL certificate has a much bigger impact than a missing Permissions-Policy header. The grade gives you an instant snapshot of your external security posture.
Does Scanward check email security?
Yes. Scanward checks for SPF, DKIM, and DMARC records. These prevent email spoofing and phishing attacks. Without them, anyone can send email that appears to come from your domain. You can also use our free SPF Generator and DMARC Generator to create these records.
What is DNSSEC and does Scanward check it?
DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS records, preventing attackers from spoofing DNS responses (cache poisoning). Yes, Scanward checks whether DNSSEC is enabled for every domain. Domains without DNSSEC are flagged and scored lower.
What is a dangling CNAME and why is it dangerous?
A dangling CNAME is a DNS record that points to a hostname that no longer exists (e.g., a deleted cloud service). Attackers can register the expired target and serve malicious content on your subdomain — a technique called subdomain takeover. Scanward automatically detects dangling CNAMEs during DNS scans.
What are HTTP security headers?
HTTP security headers are response headers your web server sends to tell browsers how to behave. Scanward checks for six critical headers: HSTS (forces HTTPS), Content-Security-Policy (prevents XSS), X-Frame-Options (prevents clickjacking), X-Content-Type-Options (prevents MIME sniffing), Permissions-Policy (controls browser features), and Referrer-Policy (controls referrer data). Use our free Security Headers Checker to test any domain.
How It Works
How often does Scanward scan my domains?
Scan frequency depends on your plan: Free scans every 24 hours, Pro every 12 hours, and Agency every 6 hours. You can also trigger a manual rescan at any time from the dashboard.
What alerts does Scanward send?
Scanward sends email alerts for:
  • Security grade drops (e.g., A → B)
  • SSL certificate approaching expiry (7 and 30 days)
  • Domain registration approaching expiry
  • Domain becoming unreachable (downtime)
  • Significant score drops on individual scanners
  • New security issues detected
  • Previously failing checks now passing (recovery alerts)
Can I generate PDF security reports?
Yes. Scanward generates branded PDF security reports for any domain in your dashboard. These are useful for sharing with clients, management, or compliance teams. Reports include all six scanner results, the overall security grade, and specific findings with remediation guidance.
Does Scanward offer free tools?
Yes. We offer six free security tools that require no signup:
Pricing
Is Scanward free?
Yes. The Free plan includes 1 domain with scans every 24 hours, all 6 scanners, email alerts, and PDF reports — forever, no credit card required.
What are the paid plans?
  • Pro — $29/month for 10 domains, scans every 12 hours
  • Agency — $79/month for 50 domains, scans every 6 hours
All plans include all features (all 6 scanners, alerts, PDF reports). The only differences are domain count and scan frequency.
How do I get started?
Sign up free, add your domain, and your first scan runs immediately. You'll have your security grade in under 60 seconds. No credit card required, no trial period — the free plan is free forever.

Ready to scan your domains?

Get your A-F security grade in under 60 seconds. Free forever for 1 domain, no credit card required.

Get Started Free →