Browser-facing controls
Headers and cookie flags affect clickjacking, content injection, referrer leakage, XSS impact and session handling.
Guide
Website risk scanning turns public web posture into prioritized evidence.
A useful website risk scan checks what browsers, crawlers and attackers can already see: headers, TLS, cookies, CORS, DNS mail policy and exposed configuration.
Designed for analysts who need clear signals, not scattered tabs.
Transport and DNS posture
HTTPS, HSTS, certificate status and DNS mail security records are core signals for defensive maturity.
Public exposure review
Risk scanning should surface evidence, severity and remediation guidance without claiming exploitability where only posture data exists.
Common questions
Is this a vulnerability scanner?
OsintNET focuses on public posture and defensive evidence. It does not attempt intrusive exploitation.
Who should run website risk scans?
Site owners, developers, analysts and defensive teams reviewing their own or authorized web properties.
Start investigation
Use OsintNET to convert public signals into structured evidence.
Pick the module that matches your target and keep each clue connected to its source, confidence and investigation context.