Web Check runs automated security checks against your websites every night — SSL certificates, HTTPS configuration, security headers, CMS versions and more. You get a clear grade for each site and know immediately what needs fixing.
Replacing NCSC Web Check: The NCSC's free Web Check service closed on 31 March 2026. Cyber Assure's Web Check covers the same checks — and more — as part of your Advanced subscription.
Web Check examines your publicly visible website configuration — the same things any browser, search engine, or attacker would see when visiting your site. Checks run every night without any action from you.
Validates your certificate is valid, not expired, and not about to expire. Checks for weak TLS versions (1.0/1.1). An expired certificate means visitors see a "Not Secure" warning — and many browsers block the site entirely.
Verifies that anyone visiting your site over plain HTTP is automatically redirected to the secure HTTPS version, and checks for HSTS headers that lock in that behaviour at the browser level.
Inspects your web server's response headers for key protections: Content-Security-Policy, X-Frame-Options, X-Content-Type-Options and Referrer-Policy. Missing headers are a common source of web vulnerabilities.
Scans your homepage for resources (images, scripts, stylesheets) loaded over plain HTTP rather than HTTPS. Mixed content can compromise the security of otherwise secure pages.
Checks that cookies your site sets have the Secure and HttpOnly flags where appropriate. Missing cookie flags are a common pathway for session hijacking attacks.
Detects if your site is running a CMS like WordPress and flags if it appears outdated. Old CMS versions with known vulnerabilities are a primary attack vector for automated scanning tools.
Checks whether your domain has DNSSEC enabled — the extension that protects against DNS hijacking attacks, where a user's browser is silently redirected to a fraudulent version of your site.
Each check contributes to an overall score out of 100. A letter grade from A to F is assigned based on that score — giving you an at-a-glance view of each site's posture that you can track over time.
| Grade | Score | What it means |
|---|---|---|
| A | 85+ | Strong configuration across all checks |
| B | 70–84 | Good, with minor gaps to address |
| C | 50–69 | Moderate — some meaningful improvements needed |
| D | 25–49 | Poor — significant issues present |
| F | 0–24 | Critical issues — immediate action needed |
Add as many domains as your organisation runs — main site, subdomains, parent portals, microsites. Each gets its own grade and check results.
Every check result includes a plain-English explanation of what the issue means, what the risk is, and how to resolve it — with links to detailed knowledge base articles.
Scans run every night at 3am UTC via a dedicated scanning agent. No manual trigger needed. Results are updated by the time you start the working day.
The NCSC retired their free Web Check service on 31 March 2026. Cyber Assure's Web Check covers the same core checks — plus CMS detection and plain-English guidance — as part of your Advanced subscription.
Web Check is included in the Cyber Assure Advanced plan. Get in touch to arrange a walkthrough.