
How to check your domain's external security posture for free
When was the last time you checked what the internet actually sees when it looks at your domain? Not your firewall logs. Not your SIEM. The external attack surface — the stuff anyone can scan without credentials.

I'm talking about:

- Is your SSL certificate properly configured?
- What cipher suites are you advertising?
- Are your DNS records leaking information (open zone transfers, missing SPF/DMARC)?
- Are your HTTP security headers (CSP, HSTS, X-Frame-Options) actually set?
- What ports are publicly reachable from the internet right now?
- Are you on any blacklists or reputation databases?

This is exactly what an attacker checks before they target you. It's also what cyber insurance underwriters check before they quote you a premium.

The 4 layers that matter

1. SSL/TLS

This isn't just "does the padlock show." Real SSL security means:

- Protocol version (TLS 1.2+ only, no SSLv3 or TLS 1.0)
- Cipher strength (no RC4, DES, or export-grade ciphers)
- Certificate validity and expiry buffer
- HSTS header wit
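The SSL/TLS criteria listed above (protocol version, cipher strength, certificate expiry buffer) can be checked against your own domain with the Python standard library. This is an added example, not code from the original article; the 30-day buffer, the weak-cipher marker list and the function names `observe` and `assess_tls` are assumptions of this example.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumptions of this example, not values from the article.
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}    # "TLS 1.2+ only"
WEAK_CIPHER_MARKERS = ("RC4", "DES", "EXP")   # "DES" also matches 3DES names
MIN_DAYS_LEFT = 30                            # assumed expiry buffer

def observe(host, port=443, timeout=5.0):
    """Connect once and return (protocol, cipher, notAfter) as negotiated.
    One handshake shows what was agreed on, not everything the server offers."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0], tls.getpeercert()["notAfter"]

def assess_tls(protocol, cipher, not_after, now=None):
    """Return a list of findings for one observed connection (empty = pass)."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if protocol not in ALLOWED_PROTOCOLS:
        findings.append(f"protocol {protocol} is older than TLS 1.2")
    weak = [m for m in WEAK_CIPHER_MARKERS if m in cipher.upper()]
    if weak:
        findings.append(f"cipher {cipher} matches weak marker(s): {', '.join(weak)}")
    # notAfter uses the certificate time format, e.g. "Jan 10 00:00:00 2030 GMT".
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    if expires <= now:
        findings.append(f"certificate expired on {expires:%Y-%m-%d}")
    elif (expires - now).days < MIN_DAYS_LEFT:
        findings.append(f"certificate expires in {(expires - now).days} days")
    return findings

if __name__ == "__main__":
    # Constructed observations, evaluated at a fixed date so results are repeatable.
    fixed_now = datetime(2030, 1, 1, tzinfo=timezone.utc)
    samples = [
        ("TLSv1.3", "TLS_AES_256_GCM_SHA384", "Dec 31 23:59:59 2030 GMT"),
        ("TLSv1", "ECDHE-RSA-RC4-SHA", "Jan 10 00:00:00 2030 GMT"),
        ("TLSv1.2", "EXP-DES-CBC-SHA", "Dec 01 00:00:00 2029 GMT"),
    ]
    for sample in samples:
        print(sample[0], sample[1], assess_tls(*sample, now=fixed_now) or "ok")
```

For a live check of a domain you operate, pass the tuple returned by `observe("your-domain.example")` to `assess_tls`.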




