tools

bsns probe

Check your domain's DNS, website, TLS, headers, and email setup.

Free, open source, no account, no ads.

Enter a public domain, like example.com. Private hostnames and internal IPs are rejected.

Advanced email checks

Optional. Common selectors include google, selector1, selector2, k1, and default.

Checks public DNS, website reachability, TLS, headers, and email authentication records. Most scans finish quickly; slow domains can take up to 15 seconds.

Sample report

Domain health for bsns.cc

A healthy report leads with the operator work that matters most, then keeps the raw evidence available for someone technical.

Report

bsns.cc

A96/100

Scan complete with 2 warnings.

No urgent fixes

  1. No urgent fixes found in the checks that completed.
DNS20/20
Web/TLS30/30
Email30/30
Headers13/15
Performance3/5

DNS

4

Domain resolves

pass

bsns.cc has public address records.

ID
dns.resolve.ok
Severity
info

No AAAA records found

info

bsns.cc does not publish IPv6 AAAA records.

ID
dns.aaaa.missing
Severity
low

IPv6 is useful but not required for most small-business sites.

Add an AAAA record when your hosting provider supports IPv6.

Name servers found

pass

bsns.cc publishes NS records.

ID
dns.ns.present
Severity
info

CAA records found

pass

bsns.cc publishes CAA records.

ID
dns.caa.present
Severity
info

CAA records can limit which certificate authorities may issue certificates.

Web/TLS

2

HTTPS is reachable

pass

https://bsns.cc returned HTTP 200.

ID
web.https.ok
Severity
info

HTTP redirects to HTTPS

pass

http://bsns.cc redirects to HTTPS.

ID
web.http.redirects_to_https
Severity
info

TLS

1

TLS certificate is valid

pass

The certificate is trusted and covers bsns.cc.

ID
tls.valid
Severity
info

Email

3

SPF record found

pass

bsns.cc publishes one SPF record.

ID
email.spf.present
Severity
info

DMARC enforcing policy found

pass

bsns.cc uses DMARC p=reject.

ID
email.dmarc.enforcing_policy
Severity
info

An enforcing DMARC policy can reduce successful direct domain spoofing.

DKIM selector record found

pass

Found a DKIM record for selector google.

ID
email.dkim.selector_found
Severity
info

DKIM lets receivers verify that signed mail was authorized by the domain.

Headers

2

HSTS is present

pass

The final HTTPS response includes Strict-Transport-Security.

ID
headers.hsts.present
Severity
info

CSP allows unsafe inline code

warn

Content-Security-Policy contains 'unsafe-inline'.

ID
headers.csp.unsafe_inline
Severity
low

Allowing inline scripts weakens CSP as an injection risk reducer.

Move inline scripts/styles to nonces, hashes, or external files where practical.

Performance

2

Initial response is acceptable

pass

The final HTTPS response took about 913 ms.

ID
perf.response.fast
Severity
info

Compression was not visible

warn

The sampled text response did not show a content-encoding header.

ID
perf.compression.missing
Severity
low

Compression can reduce transfer size for text responses.

Confirm compression is enabled for HTML, CSS, JavaScript, and JSON responses.

Raw records

DNS
{
  "a": [
    {
      "address": "216.150.16.1",
      "ttl": 1800
    },
    {
      "address": "216.150.1.1",
      "ttl": 1800
    }
  ],
  "aaaa": [],
  "ns": [
    "ns2.vercel-dns.com",
    "ns1.vercel-dns.com"
  ],
  "mx": [
    {
      "priority": 1,
      "exchange": "smtp.google.com"
    }
  ],
  "caa": [
    {
      "critical": 0,
      "type": "CAA",
      "issue": "pki.goog"
    },
    {
      "critical": 0,
      "type": "CAA",
      "issue": "sectigo.com"
    },
    {
      "critical": 0,
      "type": "CAA",
      "issue": "letsencrypt.org"
    }
  ]
}
Http
{
  "https": {
    "status": "ok",
    "finalStatus": 200,
    "finalUrl": "https://bsns.cc/"
  },
  "http": {
    "status": "ok",
    "finalStatus": 200,
    "finalUrl": "https://bsns.cc/",
    "redirects": [
      {
        "url": "http://bsns.cc/",
        "status": 308,
        "redirectTo": "https://bsns.cc/"
      },
      {
        "url": "https://bsns.cc/",
        "status": 200
      }
    ]
  }
}
TLS
{
  "handshake": true,
  "validForHostname": true,
  "chainTrusted": true,
  "issuer": "Let's Encrypt",
  "negotiatedProtocol": "TLSv1.3",
  "validTo": "Sep 10 21:27:50 2026 GMT"
}
Email
{
  "spf": {
    "records": [
      "v=spf1 include:_spf.google.com include:_spf.resend.com ~all"
    ],
    "lookupCount": 2
  },
  "dmarc": {
    "records": [
      "v=DMARC1; p=reject; pct=100; sp=none; aspf=r;"
    ]
  },
  "dkim": {
    "checkedSelectors": [
      "google",
      "selector1"
    ],
    "foundSelectors": [
      "google"
    ]
  }
}
Performance
{
  "responseTimeMs": 913,
  "totalTimeMs": 947,
  "contentType": "text/html; charset=utf-8",
  "contentEncoding": null
}