You can have a full security report on your website in under 60 seconds — for free. No credit card, no sales call, no 14-day trial countdown. This guide walks you through every step, from sign-up to reading your results.
Step 1: Create Your Free Account
Go to shieldreport.co and click "Get Started Free." You'll sign up with your email or GitHub account. The entire registration takes about 10 seconds, and there's no credit card field because there's nothing to pay during our launch promo.
Step 2: Add Your Domain
From the dashboard, click "Add Domain" and enter the domain you want to scan — for example, example.com or app.yourcompany.io. ShieldReport scans any publicly accessible domain, whether it's a marketing site, web application, API endpoint, or staging environment.
Step 3: Verify Ownership
To prevent unauthorised scanning, ShieldReport requires you to prove you control the domain. You have two options:
- DNS verification — add a TXT record to your domain's DNS settings. ShieldReport provides the exact record to add, and most DNS providers propagate within minutes.
- File verification — upload a small verification file to your web server's root directory.
Verification is a one-time step. Once your domain is verified, you can run unlimited scans without re-verifying.
Step 4: Run Your First Scan
Click "Scan Now" and the ShieldReport engine goes to work. Behind the scenes, it's running dozens of security checks in parallel:
- TLS certificate and protocol analysis
- HTTP security header evaluation
- Cookie security attribute checks
- OWASP Top 10 vulnerability testing
- DNS record and email authentication analysis
- Port scanning and service detection
- Subdomain discovery
- Server fingerprinting and information disclosure checks
Most scans complete in 30–60 seconds. You'll see a progress indicator while the scan runs.
Step 5: Read Your Security Report
Your report opens automatically when the scan finishes. Here's how to navigate it:
- Security score — a letter grade (A+ to F) summarising your overall posture.
- Findings by severity — issues are categorised as critical, high, medium, low, or informational. Start with critical and high findings.
- Detailed explanations — each finding includes what was detected, why it matters, and the specific attack it enables.
- Remediation steps — plain-English instructions plus code snippets you can copy directly into your configuration.
Step 6: Fix What Matters
You don't need to fix everything at once. ShieldReport prioritises findings by real-world exploitability, so focus on the critical and high items first. Common quick wins include:
- Adding missing security headers (often a single line in your web server config).
- Upgrading TLS to 1.2+ and disabling weak cipher suites.
- Setting Secure, HttpOnly, and SameSite attributes on cookies.
- Adding SPF, DKIM, and DMARC records to prevent email spoofing.
After making changes, run another scan to verify the fixes. ShieldReport highlights what improved and what's still outstanding.
Step 7: Set Up Continuous Monitoring
Security isn't a one-time task. Set up scheduled scans (daily, weekly, or monthly) so ShieldReport automatically checks your domain and alerts you when new vulnerabilities appear or configurations drift. This is included free during the launch period.
What Happens After the Free Launch Period?
When we transition to paid plans, early users get the best pricing available. We'll give advance notice before any changes. Until then, scan as much as you want — every feature is unlocked.
Ready to see where your website stands? Create your free account at shieldreport.co and run your first scan now.