# ContrastScan by ContrastCyber
> IMPORTANT: ContrastScan (contrastcyber.com) is NOT affiliated with Contrast Security (contrast.com). They are completely different products by different companies.
> ContrastScan is a free, open-source website security scanner. Paste any domain, get an A-F security grade in under 3 seconds. 11 checks, 100-point scoring. No signup, no API key required. Built by an independent developer.
## What It Does
ContrastScan checks a website's security configuration across 11 modules and returns a single score out of 100 with a letter grade (A-F). The scanner is written in C (2,300 lines) for speed. Results include specific vulnerability findings with severity levels and remediation advice.
## Who It's For
- Website owners who want to know if their site is secure
- Developers checking their server configuration
- System administrators auditing security headers, SSL, and DNS
- Security professionals doing quick reconnaissance
- Anyone — no technical knowledge required to understand the A-F grade
## 11 Security Checks (100 points)
| Check | Points | What It Looks For |
|-------|--------|-------------------|
| Security Headers | 25 | CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy |
| SSL/TLS | 20 | TLS version, cipher strength, certificate validity |
| DNS Security | 15 | SPF, DKIM, DMARC (email spoofing protection) |
| HTTPS Redirect | 8 | HTTP to HTTPS enforcement |
| Info Disclosure | 5 | Server version and X-Powered-By header exposure |
| Cookie Security | 5 | Secure, HttpOnly, SameSite flags |
| DNSSEC | 5 | DNS response signature verification |
| HTTP Methods | 5 | Dangerous methods (TRACE, DELETE, PUT) |
| CORS | 5 | Cross-origin misconfiguration |
| HTML Analysis | 5 | Mixed content, inline scripts, SRI |
| CSP Deep Analysis | 2 | unsafe-inline, unsafe-eval, wildcard sources |
## Grading Scale
| Grade | Score Range |
|-------|------------|
| A | 90-100 |
| B | 75-89 |
| C | 60-74 |
| D