01 Analyzing a Domain
You don't need an account to use LamaniSecure. Our scanner performs a passive audit, meaning it simulates a visitor's connection without attempting to hack or breach the site.
Run Scan
Click the Scan Now button to start the analysis.
Wait ~20s
We query global DNS servers, check SSL validity, and inspect HTTP headers in real-time.
02 Interpreting the Results
Your security report covers multiple areas: SSL, HTTP headers, DNS, and more. Each section below explains what we check and what the results mean.
A. SSL Certificate
We check your certificate chain to ensure it is valid, trusted, and not expired.
B. HTTP Security Headers
Headers are instructions your server sends to the browser to enforce security rules.
| Header | Purpose |
|---|---|
| Strict-Transport-Security | Forces browsers to always use HTTPS (HSTS). |
| Content-Security-Policy | Prevents cross-site scripting (XSS) attacks. |
| X-Frame-Options | Prevents clickjacking — hackers overlaying invisible buttons on your site. |
| X-Content-Type-Options | Prevents MIME-type sniffing attacks. |
C. DNS & Mail Records
We validate your A, MX, and TXT records to ensure proper configuration.
SPF or DMARC records are critical. Without them, your business emails may land in spam folders and your domain is vulnerable to spoofing.
03 Fixing Vulnerabilities
Found issues in your scan? Here are step-by-step instructions to fix the most common problems.
Issue: Missing HSTS Header
Why it matters: Without Strict-Transport-Security, attackers can downgrade your visitors to an insecure HTTP connection via man-in-the-middle attacks.
Fix for Apache .htaccess
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Fix for Nginx server block
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
Issue: Open Ports Detected
Why it matters: Open ports (like database port 3306 or FTP port 21) are open doors for brute-force attacks.
Fix: Configure Your Firewall
Block all incoming traffic except ports 80 (HTTP) and 443 (HTTPS).
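# Note: default deny also blocks SSH (port 22). If you manage this server
# over SSH, allow that port before running "ufw enable".
sudo ufw default deny incoming
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
Issue: Missing Content-Security-Policy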
Why it matters: Without a Content-Security-Policy header, your site is vulnerable to cross-site scripting (XSS) attacks.
Starter Policy (recommended)
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:;
Use Content-Security-Policy-Report-Only first to monitor without breaking your site.
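To confirm the header fixes above took effect, the check below audits a saved response header block (for example the output of `curl -sI`) for the four headers from the table and the one-year HSTS max-age used in the fixes. It is an added example, not LamaniSecure's own scanner code; the function names and both sample responses are constructed.

```python
# Added example: function names and sample responses are constructed.
REQUIRED = ("strict-transport-security", "content-security-policy",
            "x-frame-options", "x-content-type-options")

def parse_headers(raw):
    """Parse a raw header block into {lowercased-name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def hsts_max_age(value):
    """Return max-age in seconds, or None if absent or malformed."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return None

def audit(raw, min_age=31536000):
    """Return a list of findings; an empty list means all checks pass."""
    h = parse_headers(raw)
    findings = [f"missing {name}" for name in REQUIRED if name not in h]
    if "strict-transport-security" in h:
        age = hsts_max_age(h["strict-transport-security"])
        if age is None or age < min_age:
            findings.append("HSTS max-age below one year")
    # A Report-Only policy monitors violations but does not block anything.
    if "content-security-policy-report-only" in h and REQUIRED[1] not in h:
        findings.append("CSP is report-only (monitoring, not enforcing)")
    return findings

# Constructed sample responses (not real scan output).
FIXED = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'; script-src 'self'
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
"""
ROLLOUT = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300
Content-Security-Policy-Report-Only: default-src 'self'
X-Content-Type-Options: nosniff
"""

if __name__ == "__main__":
    print(audit(FIXED), audit(ROLLOUT))
```

The second sample models a site still in its Report-Only rollout with a short HSTS max-age, so it is flagged even though the headers are present.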
04 Developer FAQ
Does LamaniSecure cache results?
No. Every scan is performed in real-time to give you the most up-to-date snapshot of your infrastructure. There is no stale data.
Can I scan a localhost or staging site?
LamaniSecure can only scan publicly accessible domains. We cannot access your local environment or private networks behind a VPN.
Is the scan safe to run on production?
Absolutely. LamaniSecure performs a passive audit — it only reads publicly available information. We never attempt to exploit or penetrate your server.
How often should I scan my site?
We recommend scanning after every deployment and at least once a month for ongoing monitoring of SSL expiration and header changes.
Need help fixing these issues?
If you're overwhelmed by DNS records and server configs, our team at Lamanify helps healthcare businesses and agencies secure their infrastructure.