ALL PLANS
SSL / TLS Certificate
Grades your encryption A–F, checks the expiry date, and flags outdated protocols like TLS 1.0 that leave customer data exposed in transit.
ALL PLANS
Security Headers
Checks for 6 critical HTTP headers that protect your site against XSS attacks, clickjacking, and content injection from malicious scripts.
ALL PLANS
Email Security (SPF, DMARC, DKIM)
Verifies your DNS email records. Without these, anyone can send emails pretending to be your business — the foundation of most phishing attacks.
ALL PLANS
Subdomain Exposure
Scans 30+ common subdomains like admin, staging, vpn, and dev — and flags any that are publicly reachable when they shouldn't be.
ALL PLANS
HTTP→HTTPS Redirect
Checks that your site forces visitors to the encrypted version. Without it, passwords and form data sent over plain HTTP are visible on the network.
ALL PLANS
Cookie Security
Checks that your cookies have Secure, HttpOnly, and SameSite flags. Missing flags let attackers steal session tokens and impersonate logged-in users.
ALL PLANS
CMS Detection
Identifies your platform (WordPress, Shopify, Wix, etc.) so we can flag version-specific vulnerabilities and known exploits in the report.
ALL PLANS
WHOIS & Domain Expiry
Checks your domain registrar and expiry date. A lapsed domain can be registered by someone else and used to impersonate your business overnight.
FULL + PRO
Dark Web Breach Check
Searches breach databases for every incident involving your domain — and lists exactly which emails and data types were exposed.
FULL + PRO
DNS Security (DNSSEC & CAA)
Checks for DNSSEC signing and CAA records. Without these, attackers can hijack your DNS traffic or issue fraudulent SSL certificates for your domain.
FULL + PRO
Broken Link Scanner
Crawls your homepage and checks every internal link. Broken links damage trust and can expose old, unpatched pages still sitting on your server.
PRO ONLY
Port Scan
Scans 17 common ports and flags anything risky that's open to the internet — like RDP, Telnet, or exposed database ports that invite direct attacks.
PRO ONLY
Google Safe Browsing
Checks if your domain is flagged by Google for malware or phishing. A flagged domain shows a full-page warning to every visitor in Chrome and Firefox.
PRO ONLY
Typosquat Detection
Generates and checks 50 lookalike versions of your domain. Registered lookalikes are a common tool for phishing your customers and staff.
PRO ONLY
TLS Certificate Chain
Validates your full certificate chain end-to-end. A broken chain causes browser security warnings that drive visitors away and kill trust immediately.
FULL + PRO
Email Hardening (MTA-STS, DMARC policy)
Goes beyond basic email records: checks MTA-STS and TLS-RPT, flags a weak DMARC policy that only monitors instead of blocking spoofing, and catches an SPF record that's silently broken from too many lookups.
PRO ONLY
Exposed Sensitive Files
Scans for files that should never be public — exposed .git repositories, .env files leaking passwords and API keys, database backups, and directories left open for anyone to browse.
PRO ONLY
Subdomain Takeover Risk
Finds "dangling" subdomains pointing to unclaimed services (GitHub Pages, S3, Heroku, etc.) that an attacker could claim and use to host malicious content under your own domain.