Vendor Risk Assessment

Evaluate third party website security before you sign

Scan any vendor's public website to assess their security posture. Generate professional PDF reports for procurement teams and share results with stakeholders through protected links.

Assess a vendor
Any URLScan any public site
PDFExportable reports
ShareProtected links
Evaluate any vendor's security posture in seconds. No questionnaires, no waiting for responses.

Instant scoring for any vendor

Enter any URL and get a complete security assessment in seconds. The scan evaluates headers, TLS, DNS, and cookies, giving you an objective, comparable score across all your vendors.

Vendor Assessment

vendor-example.com

71/100B

Key Findings

Strict-Transport-Security
Content-Security-Policy
X-Content-Type-Options
Permissions-Policy

PDF reports for procurement

Export a detailed report that procurement and legal teams can attach to vendor evaluation files. Includes the overall score, findings per security domain, and specific recommendations.

Security Assessment Report

vendor-example.com

Date: Mar 21, 2026Domain: vendor-example.com
Overall Score71/100 (B)
Findings12 items
Recommendations5 items

Share with stakeholders

Generate a protected share link for procurement managers, legal teams, or executives. Each link has an expiry date and tracks access.

Share Results

sitesecurityscore.com/share/a3f8c1...
Expires: 7 days
Views: 12

From vendor URL to procurement decision

Vendor URL
Security scan
PDF report
Procurement

How it works

01

Enter the vendor's URL

Paste any public website URL. No account needed for your first scan.

02

Review the report

Get a breakdown of the vendor's security posture with letter grades per domain.

03

Share with your team

Export a PDF or generate a share link for procurement and stakeholder review.

Frequently asked questions

What does the vendor security score measure?

The score evaluates a vendor's public website across multiple security domains: HTTP security headers (CSP, HSTS, X-Frame-Options, etc.), TLS/SSL configuration, DNS security records, and cookie attributes. Each domain receives a letter grade, and the overall score reflects the vendor's security posture relative to industry best practices.

Can I scan any website for a vendor assessment?

Yes, you can scan any publicly accessible website. The scanner analyzes the site's HTTP response headers, TLS certificate, DNS records, and page content. No access to the vendor's internal systems is required. This is a passive, non-intrusive scan of publicly available information.

How do I share scan results with my procurement team?

After scanning, you can generate a protected share link that anyone can view without an account. You can also export a PDF report that can be attached to vendor evaluation documents, RFP responses, or compliance files. Share links include an expiry date for security.

Is it legal to scan a third party website?

Yes. SiteSecurityScore performs a passive analysis of publicly available information, similar to visiting the website in a browser. It sends standard HTTP requests and analyzes the response headers, TLS certificate, and DNS records. No vulnerability exploitation or intrusive testing is performed.

Related use cases

Free Security Headers CheckerSecurity AuditCompliance Audits

Assess your vendors

Scan any vendor's website and get an instant security assessment. Free, no account required.

Scan your site free