Show HN: DomainOptic – Free Web Security audit that scans what other tools miss
domainoptic.com

I built DomainOptic after almost shipping my Stripe key in a production bundle.
It runs 6 checks in a few seconds:
* SSL Certificate - validity, expiration, protocol
* DNS Health - SPF, DKIM, DMARC (email spoofing protection)
* Security Headers - CSP, HSTS, X-Frame-Options
* Blacklist Status - spam/malware list checks
* Secret Scanner - finds leaked API keys in public JS bundles (AWS, Stripe, Firebase, etc.)
* Ghost API Hunter - exposed Swagger docs, GraphQL endpoints, debug routes
Every scan gets A+ to F grades with plain English explanations as to why you'd care.
The last two are the differentiators: most SSL checkers exist, but few tools passively scan your frontend for shipped secrets or forgotten /api endpoints.
Looking for feedback on false positive rates and what other checks would be useful.
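
On the false-positive question for the Secret Scanner check, here is an added example (not part of the original post and not DomainOptic's code) of a bundle scan that separates real secrets from keys that are expected in frontend code. The rule ids, severity labels and the placeholder heuristic are assumptions made for illustration; the sample bundle is constructed.

```javascript
// Added example, not DomainOptic's code. Key formats are the publicly documented ones.
const RULES = [
  // An access key ID only identifies the key; treat it as a prompt to look for the secret nearby.
  { id: "aws-access-key-id", severity: "review", re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g },
  { id: "stripe-secret-key", severity: "high", re: /\b[sr]k_live_[0-9A-Za-z]{24,}\b/g },
  // Publishable keys are meant to ship in frontend code: report, do not alarm.
  { id: "stripe-publishable-key", severity: "info", re: /\bpk_live_[0-9A-Za-z]{24,}\b/g },
  // Firebase web config uses this format and is expected in bundles; check key restrictions.
  { id: "google-api-key", severity: "review",
    re: /(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])/g },
];

// Docs and tests are full of placeholders such as sk_live_XXXX...; low character
// variety in the tail is a cheap signal that the match is not a real credential.
function looksLikePlaceholder(value) {
  return new Set(value.slice(-16)).size < 6;
}

function scanBundle(source) {
  const findings = [];
  for (const rule of RULES) {
    for (const m of source.matchAll(rule.re)) {
      if (looksLikePlaceholder(m[0])) continue;
      findings.push({
        rule: rule.id,
        severity: rule.severity,
        offset: m.index,
        // Never log the full value: the report itself would become a leak.
        preview: m[0].slice(0, 12) + "...",
      });
    }
  }
  return findings.sort((a, b) => a.offset - b.offset);
}

// Constructed sample bundle. Prefixes are split so this file does not trip scanners itself.
const SAMPLE_BUNDLE = [
  'var aws={id:"AKIA' + 'IOSFODNN7EXAMPLE"};',
  'var pay=Stripe("pk_' + 'live_Ab1Cd2Ef3Gh4Ij5Kl6Mn7Op8");',
  'var oops="sk_' + 'live_Zx9Qw3Er7Ty1Ui5Op2As8Df4";',
  'var doc="sk_' + 'live_XXXXXXXXXXXXXXXXXXXXXXXX";',
  'var fb={apiKey:"AIza' + 'SyA1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q"};',
].join("\n");

console.log(scanBundle(SAMPLE_BUNDLE));
```

Only the `sk_live_` match is graded as a leak; the publishable key and the Firebase-style key are reported at lower severity, and the all-`X` placeholder is dropped.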