Three levels of your security checks

Free See the platform in action with a fast visible check
Standard Expand scan depth, reporting, and regular review
Premium Validate behavior with controlled intrusive testing
Free Check

Visible proof of how the platform works

A fast external review that shows reachable services, exposure signals, and a clear sample of the reporting flow before moving into deeper coverage.

Reachability and service visibility
Security headers and exposure clues
Short report with practical findings
Standard Tier

Broader checks for real ongoing review

A more complete external assessment for users who want repeatable checks, richer output, and better visibility across public-facing systems.

Extended scan coverage and deeper context
Saved results and downloadable reports
Better fit for regular exposure review
Premium Intrusive

Controlled validation for higher-confidence testing

For premium accounts, intrusive checks go beyond passive review and validate how systems behave under limited active testing.

Stronger evidence for hardening decisions
Run adhoc checks or schedule them
Legitimate intrusive checks against your own infrastructure

What gets checked

Coverage depth increases with tier, but the scope of what can be discovered stays the same.

Reachability & service discovery

ICMP echo and TCP port scanning with service and version fingerprinting across the configured scan scope.

Web posture & TLS

HTTP/HTTPS reachability, browser-facing security headers (HSTS, CSP, X-Frame-Options), TLS certificate validity, and origin exposure analysis including CDN and WAF bypass detection.

Remote access services

Default remote administration ports: SSH/22, Telnet/23, RDP/3389, WinRM/5985–5986, and related remote access protocols.

Admin & developer interfaces

Web-facing control panels and APIs: Docker/2375, Kubernetes/6443, Jenkins/8080, Grafana/3000, Prometheus/9090, Kibana/5601, and VNC/5900–5910.

Database & messaging exposure

Data store and queue ports: MySQL/3306, PostgreSQL/5432, Redis/6379, MongoDB/27017, Elasticsearch/9200, RabbitMQ, Kafka/9092, and ActiveMQ.

Network & legacy protocols

SMB/NetBIOS, SMTP/25, LDAP/389, Kerberos/88, FTP/21, and older protocols often left open by misconfiguration.

DDoS amplification exposure

Services that can be abused for traffic amplification: NTP/123, DNS/53, SNMP/161, SSDP/1900, Memcached/11211, and CLDAP/389 over UDP.

Identity & reputation

Blocklist presence, reverse DNS consistency, forward-confirmation checks, and BGP origin ASN and prefix context for the checked address.

Common questions

What do I need to start?

Just an IP address, domain name, or subnet. No account is required for the free check — enter the target on the home page and run it directly. Standard and Premium checks require a registered account.

Is this safe to run on my own systems?

Yes, if you own or manage the systems you are checking. Front Screen is built for external review of your own public infrastructure. The free and standard checks are passive and non-intrusive. Intrusive tests are only available to Premium accounts, are clearly labelled, and require confirmation before they run.

What does intrusive testing mean?

Intrusive checks go beyond passive observation and actively probe how a system responds to specific requests — for example, testing whether an exposed service accepts unauthenticated connections or responds to protocol-specific payloads. They produce more than observation traffic and should only be run against infrastructure you control.

How often should I run checks?

A monthly review is a reasonable baseline for most teams. If you deploy new services, change firewall rules, or add new infrastructure, running a check immediately after is a practical habit. Standard tier accounts can schedule recurring checks rather than running them manually each time.

What is the difference between free and standard?

The free check gives a quick external snapshot: reachability, visible services, and basic header review. Standard goes deeper with broader scan coverage, richer output detail, saved check history, and downloadable reports. Standard is suited to teams that want to track exposure over time rather than run a one-off review.