
TridentScan — Free Website Security Scanner & Attack Surface Intelligence

Security

How we protect your data.

Last updated: March 10, 2026

Grade: A · TridentScan Score: 98/100

We scan ourselves. TridentScan consistently scores an A grade, with a 98/100 composite score across all 8 dimensions.

Infrastructure Security

TridentScan runs entirely on Cloudflare Workers — a serverless architecture with no traditional backend servers, no databases to breach, and no persistent attack surface.

  • Edge execution. All requests are processed at the nearest Cloudflare edge node. No centralized servers.
  • Encryption in transit. All traffic is encrypted via TLS 1.3. HSTS is enforced with preloading.
  • Encryption at rest. Stored data uses Cloudflare's encrypted storage systems.
  • No cold starts. Workers are always warm. No infrastructure idle state that could be exploited during spin-up.

Scan Data Protection

  • Minimal retention. Free tier scan results are deleted after 24 hours. Paid tier results are retained for 90 days.
  • Public data only. We only scan publicly accessible information — the same data any browser can see.
  • No credential storage. We never ask for or store credentials to scan targets.
  • Isolated execution. Each scan runs in an isolated worker context. No cross-contamination between scan requests.

Security Headers

TridentScan enforces the security headers we recommend to our users:

  • Content-Security-Policy
  • Strict-Transport-Security (HSTS preloaded)
  • X-Content-Type-Options: nosniff
  • X-Frame-Options: DENY
  • Referrer-Policy: strict-origin-when-cross-origin
  • Permissions-Policy
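
To check a response against the list above, the following is an added example (not TridentScan's own code) that audits a header map and reports deviations. The one-year `max-age` minimum and the `includeSubDomains` requirement are assumptions taken from the hstspreload.org submission rules; the sample header values are constructed.

```javascript
// Added example; header values in the samples are constructed.
const HSTS_PRELOAD_MIN_AGE = 31536000; // assumption: hstspreload.org minimum (1 year)

function parseHsts(value) {
  const out = { maxAge: null, includeSubDomains: false, preload: false };
  for (const part of value.split(";")) {
    const [rawName, rawVal = ""] = part.split("=");
    const name = rawName.trim().toLowerCase();
    if (name === "max-age") {
      const n = Number(rawVal.trim().replace(/"/g, ""));
      if (Number.isInteger(n) && n >= 0) out.maxAge = n;
    } else if (name === "includesubdomains") out.includeSubDomains = true;
    else if (name === "preload") out.preload = true;
  }
  return out;
}

function auditHeaders(headers) {
  // Header names are case-insensitive, so normalise before lookup.
  const h = new Map(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v).trim()]));
  const findings = [];
  const exact = { "x-content-type-options": "nosniff", "x-frame-options": "DENY",
                  "referrer-policy": "strict-origin-when-cross-origin" };
  for (const [name, want] of Object.entries(exact)) {
    const got = h.get(name);
    if (got === undefined) findings.push(`${name}: missing`);
    else if (got.toLowerCase() !== want.toLowerCase()) findings.push(`${name}: want ${want}, got ${got}`);
  }
  // The page gives no values for these two, so only presence is checked.
  for (const name of ["content-security-policy", "permissions-policy"])
    if (!h.get(name)) findings.push(`${name}: missing`);
  const raw = h.get("strict-transport-security");
  if (!raw) return findings.concat("strict-transport-security: missing");
  const hsts = parseHsts(raw);
  if (hsts.maxAge === null || hsts.maxAge < HSTS_PRELOAD_MIN_AGE)
    findings.push("strict-transport-security: max-age below preload minimum");
  if (!hsts.includeSubDomains) findings.push("strict-transport-security: includeSubDomains missing");
  if (!hsts.preload) findings.push("strict-transport-security: preload missing");
  return findings;
}

// Constructed sample: short HSTS lifetime, framing allowed from same origin, no CSP.
const sampleWeak = {
  "strict-transport-security": "max-age=86400; preload",
  "X-Frame-Options": "SAMEORIGIN",
  "X-Content-Type-Options": "nosniff",
  "Referrer-Policy": "strict-origin-when-cross-origin",
};
console.log(auditHeaders(sampleWeak).join("\n"));
```
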

Authentication & Payments

  • Authentication. Handled via Supabase Auth with industry-standard practices including secure password hashing and session management.
  • Payments. All payment processing is handled by Stripe. We never see or store card numbers, CVVs, or bank details.

Responsible Disclosure

We take security seriously and welcome reports from security researchers. If you discover a vulnerability in TridentScan:

  • Email your findings to security@tridentscan.com
  • Include a detailed description and steps to reproduce
  • Allow us reasonable time to investigate and remediate before public disclosure
  • Do not access, modify, or delete data belonging to other users

We commit to acknowledging reports within 24 hours and providing a resolution timeline within 72 hours. We will not pursue legal action against researchers acting in good faith.

Contact

For security concerns or vulnerability reports: security@tridentscan.com