LynxRadar — Domain Security Scanner

Instant security posture scores for any domain. Checks TLS, DMARC, security headers, breaches, and CVEs in seconds.

Know the security posture of any website in seconds—without leaving your browser. LynxRadar is a free security intelligence extension that automatically scans every website you visit and gives it a letter grade (A+ through F) based on its real-world security posture. The moment you land on a site, LynxRadar quietly runs a passive assessment in the background. Click the extension icon to see a full breakdown: what's configured correctly, what's weak, and what's dangerously missing. No login required. No account needed. No data collection from your browsing. Just instant, actionable security intelligence on every domain you visit. WHY THIS EXISTS Every day, you share data with websites—logging in, submitting forms, entering payment details, signing up for services. But most people have no way to know whether the website on the other end actually takes security seriously. Does it use modern TLS? Is email spoofing blocked so attackers can't impersonate it? Are security headers in place to protect your browser? Has it appeared in a data breach? Is it running software with known CVE vulnerabilities? Until now, getting answers to these questions meant using enterprise tools that cost thousands of dollars a year, or manually running command-line checks that require security expertise. LynxRadar changes that. It brings the same checks used by professional security teams and risk analysts directly into your browser—for free. WHAT LYNXRADAR CHECKS Every scan covers five core security categories, running in parallel so results arrive in 20–30 seconds: 🔒 TLS / Certificate Verifies that the site uses a valid, properly configured TLS certificate. Checks for expired certificates, weak cipher suites, outdated protocol versions (like TLS 1.0 or 1.1), and proper certificate chain validation. A poor TLS configuration means data transmitted to the site can potentially be intercepted. 📧 DMARC & Email Security Checks whether the domain has DMARC, SPF, and DKIM configured — the three pillars of email authentication. Without these, attackers can impersonate the domain to send phishing emails that appear to come from the legitimate company. This is one of the most common attack vectors in business email compromise (BEC) scams. LynxRadar also checks MTA-STS, which protects email in transit from downgrade attacks. 🛡️ Security Headers Inspects the HTTP response headers the site sends to your browser. Checks for Content-Security-Policy (CSP), HTTP Strict Transport Security (HSTS), X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy. Missing headers leave users vulnerable to clickjacking, cross-site scripting, and data leakage attacks. 💥 Data Breaches Checks whether the domain has appeared in known data breach databases. If a company has been breached before, it can indicate systemic security weaknesses — or mean that your credentials from a previous account with them may already be compromised. This check covers major historical breaches across hundreds of thousands of domains. ⚠️ CVE Exposure Scans for known Common Vulnerabilities and Exposures (CVEs) associated with the domain's infrastructure. CVEs are publicly disclosed security flaws in software — if a site is running unpatched software with known vulnerabilities, it's a meaningful signal that the organization's security hygiene may be lacking. THE SCORE & GRADE After running all checks, LynxRadar produces a security score from 0 to 100 and converts it to a letter grade using the same scale as academic grading: A+ / A / A− (90–100): Strong security posture across all areas B+ / B / B− (80–89): Good baseline with minor gaps C+ / C / C− (70–79): Adequate but with notable weaknesses D+ / D / D− (60–69): Significant gaps that should concern you F (below 60): Serious security deficiencies — proceed with caution The grade appears directly on the extension badge in your browser toolbar, so you always have a visual signal without even needing to open the popup. Green means healthy. Yellow means warnings. Red means problems. HOW IT WORKS LynxRadar uses passive, non-intrusive checks — it never sends test payloads, never attempts to exploit vulnerabilities, and never touches the site's internal systems. Everything it checks is publicly observable: 1. When you navigate to a website, LynxRadar automatically initiates a scan in the background via the LynxRadar API 2. The API runs all five collectors in parallel against the domain's public-facing infrastructure 3. Results are returned as a structured score within 20–30 seconds 4. The extension badge updates with the letter grade 5. Click the badge to see the full breakdown with specific findings and explanations 6. Results are cached for 7 days—revisiting the same domain loads instantly from cache Scans are rate-limited to protect server resources. Each domain can be re-scanned once every 10 minutes. Cached results from recent scans are returned immediately. THE POPUP INTERFACE The LynxRadar popup is designed to give you maximum signal with minimum noise: 1. Scanning view — Shows live progress across all five check categories, each updating from "Running" to "Done" as results come in. A 20–30 second wait with full transparency into what's happening. 2. Results view—A clean summary showing: - The letter grade and numeric score in a prominent ring dial - Check badges showing how many passed, how many are warnings, how many are critical - Top findings listed with severity labels (Critical / Warning) and plain-English descriptions of what's wrong - A direct link to the full detailed report on lynxradar.com, which includes remediation guidance and historical context - A copy button to export the scan summary as formatted text — useful for pasting into a ticket, Slack message, or vendor assessment form - A rescan button with a live cooldown countdown showing when the next fresh scan is available Error handling: If a scan fails or a cooldown is active, the popup explains why in plain language rather than showing a cryptic error. WHO SHOULD INSTALL THIS - Security & IT professionals: Get an instant read on vendor security posture before approving a tool, sharing credentials, or integrating a third-party service. Use it during vendor risk assessments without needing to spin up enterprise tooling. - Procurement & finance teams: Before entering payment details or signing up for a SaaS platform, quickly check whether the vendor takes security seriously. A grade of D or F is a signal worth raising with your security team. - Developers & engineers: Check your own domains and staging environments. Catch missing security headers, weak TLS configurations, or DMARC gaps before they become audit findings or incidents. - Journalists & researchers: Quickly assess the security posture of organizations you're investigating or writing about. Verifiable, objective data on email security, certificate health, and breach history. - Privacy-conscious users: Before creating an account or sharing personal information with a new site, know whether it has the baseline security infrastructure in place to protect your data. - Third-party risk & compliance teams: Supplement your formal vendor assessments with real-time, always-on security signals. LynxRadar's checks align with common compliance frameworks including SOC 2, ISO 27001, and vendor security questionnaires. FULL REPORTS ON LYNXRADAR.COM Every scan in the extension links to a full public report on lynxradar.com. The full report includes: PRIVACY & PERMISSIONS LynxRadar is designed with a minimal footprint: What we access: The current tab's URL, to extract the domain name for scanning. That's it. What we don't do: We do not read page content. We do not track your browsing history. We do not collect personal data. We do not sell data to third parties. We do not inject scripts into pages you visit. How scanning works: When you visit a site, the domain name (e.g., "stripe.com") is sent to the LynxRadar API. The API runs checks against publicly available DNS records, HTTP headers, certificate transparency logs, and breach databases. Your IP address is used only for rate limiting and is not stored or logged against domain scans. Permissions used: 1. `tabs`: to read the URL of the current tab to identify which domain to scan 2. `storage`: to cache scan results locally so revisiting domains is instant 3. `activeTab`: to display the badge grade on the current tab's icon No broad host permissions. No access to page content. No background tracking. ABOUT LYNXRADAR LynxRadar is built on the conviction that security intelligence should be accessible to everyone — not just enterprise security teams with six-figure tool budgets. The same passive checks that underpin professional vendor risk assessments can be automated, productized, and delivered to anyone with a browser. The full platform at lynxradar.com has already scanned thousands of domains across Fortune 500 companies, Y Combinator startups, financial institutions, and consumer SaaS products. The Chrome extension brings that intelligence directly into your browser, where it's most useful: at the moment you're deciding whether to trust a website with your data. GETTING STARTED 1. Install the extension 2. Navigate to any website 3. LynxRadar automatically starts scanning in the background 4. Click the extension icon to see the grade and findings 5. Click "View full report" for detailed remediation guidance The extension works immediately after installation—no setup, no account, no configuration required. –––––––––––––––––––––––––– LynxRadar performs passive, non-intrusive security assessments using publicly available data. Results reflect observable security signals and should be considered alongside other factors when making security decisions. Full methodology available at lynxradar.com.