Why scan your website?
43% of cyberattacks target small businesses. 60% close within 6 months of a breach. The average cost of a small business data breach is $120,000. And here's the hard part: 95% of website vulnerabilities aren't sophisticated zero-days — they're simple misconfigurations. Missing HTTP security headers. SSL configs that haven't been updated in years. Admin panels exposed to the public internet. .env files returning 200 OK with live API keys. The Intel Report catches them in under 60 seconds.
What we check
Every scan runs through over 50 individual security checks across the following categories:
- TLS/SSL configuration — certificate validity, cipher suite strength, protocol support (TLS 1.0/1.1 deprecation), HSTS, OCSP stapling.
- HTTP security headers — Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, Strict-Transport-Security.
- Exposed endpoints —
/admin,/wp-admin,/.git,/.env,/phpinfo.php, backup files, debug panels. - CMS & software fingerprinting — WordPress, Drupal, Joomla, Shopify; outdated plugin and theme versions.
- Cookie security — Secure, HttpOnly, SameSite attributes; session fixation vectors.
- DNS & email auth — SPF, DKIM, DMARC, MTA-STS records for domain impersonation defense.
- Content integrity — mixed content warnings, subresource integrity on external scripts.
AI-powered remediation with Google Gemini
Most security scanners hand you a list of problems and walk away. The Intel Report uses Google Gemini to translate each finding into a prioritized action plan with specific, paste-ready code fixes for your stack. No more Googling "how to configure Content-Security-Policy for WordPress" — the fix is written for your exact site in plain English. This is the same detection engine used on defense contracts, now available to small businesses for free.
Who it's for
Small business owners who don't have a CISO and can't afford a $40K pentest but still need to know their website isn't a liability. Freelance web developers who want to hand clients a professional security report at the end of every build. Agency owners managing dozens of client sites who need a quick way to audit their portfolio. Startup founders who just launched and want a sanity check before the first customer hits the site. E-commerce operators who know that a breach is an existential risk and want to stay ahead of it.
Frequently asked questions
Is The Intel Report really free?
Yes. You can scan any website and see the first 5 findings free, with no signup required. Only the full PDF remediation report ($9.99) is paid — and that's optional.
What does the scanner check for?
Over 50 checks including SSL/TLS configuration, HTTP security headers (CSP, HSTS, X-Frame-Options), exposed files (.env, .git, admin panels), CMS fingerprinting, outdated software detection, and DNS/email authentication records (SPF, DMARC, DKIM). The full list is above.
Is the scanner safe to run on my website?
Yes. The scan is completely passive and non-intrusive — it does not attempt exploitation, brute force, or any active attacks. It will not trigger your intrusion detection system or affect site performance. You can safely run it on production sites.
Do I need to create an account?
No. Free scans require no signup. You only need to sign in (with Google, one click) to unlock the Gemini-powered AI remediation analysis or to purchase the full PDF report.
How long does a scan take?
Typically 30 to 60 seconds depending on your site's size and response times. There is no queue — scans run immediately when you submit a URL.
Who built The Intel Report?
The Intel Report was built by NSI Corp, a defense cybersecurity company based in San Antonio, Texas. The founder is a U.S. Army veteran (101st Airborne) and former defense contractor who experienced small business cyberattacks firsthand.
How accurate is the AI-powered remediation?
The scanner uses Google Gemini to translate technical findings into prioritized action plans with specific code fixes. Recommendations reflect current industry best practices. As with any security guidance, we recommend reviewing changes with a qualified security professional before deploying to production.