Browser-grade TLS analysis
Real uTLS ClientHello fingerprinting enumerates supported TLS versions and ciphers with forward-secrecy and strength ratings — not a header sniff.
Security
Real browser-grade TLS, certificate, header, DNS, and tech-stack analysis — turned into an A–F grade with prioritized, remediable findings and tracked over time.
Illustrative product preview
https://api.example.com
Example grade
B
82 / 100
Fixed example scan · 12 Jul 2026 · 09:40 UTC
Real uTLS ClientHello fingerprinting enumerates supported TLS versions and ciphers with forward-secrecy and strength ratings — not a header sniff.
Full leaf-to-root chain extraction with validity windows, key strength, signature algorithms, SANs, and OCSP stapling detection.
HSTS, CSP, X-Frame-Options and more — plus HTTP/2 & HTTP/3 support and HSTS preload eligibility.
DNSSEC, SPF, DMARC and CAA, plus WAF/CDN detection, insecure-cookie flags, and security.txt disclosure.
Fingerprints frameworks and versions, then matches them against an embedded CVE and end-of-life advisory database.
Every category is independently scored and weighted into a single A to F grade, so you know exactly where to spend the next hour.
Negotiated TLS version, certificate, and the seven critical security headers, captured in a single request.
Browser-grade ClientHello fingerprinting enumerates supported versions and ciphers with forward-secrecy and strength ratings.
Full leaf-to-root chain, OCSP stapling, HTTP/2 & HTTP/3 support, and HSTS preload eligibility.
DNSSEC, SPF, DMARC, and CAA, validated with a DNSSEC-aware resolver.
WAF/CDN detection, insecure cookies, security.txt, and tech-stack matched against a CVE / end-of-life database.
Illustrative product preview
https://api.example.com
Example grade
B
82 / 100
Fixed example scan · 12 Jul 2026 · 09:40 UTC
Illustrative product preview
https://api.example.com
Fixed example alert; current scan evidence drives the rule.
Telesis records each endpoint’s grade on every scan. Alert rules evaluate the current scan for a configured share of categories below 70, deprecated TLS, weak ciphers, invalid certificate chains, and missing security headers.
Routes to Slack, email, and webhooks.