DNS Resolution
Measure DNS lookup time with latency classification and resolver analysis
TCP Connection
TCP handshake timing reveals server distance and network congestion
TLS Handshake
TLS negotiation speed — TLS 1.3 detection and session resumption check
Time to First Byte
TTFB measurement against Google Core Web Vitals thresholds (200ms)
Compression
Brotli, gzip, deflate detection with uncompressed size analysis
Caching
Cache-Control, ETag, Last-Modified header analysis with policy evaluation
Redirect Analysis
Full redirect chain mapping with per-hop timing and status codes
CDN Detection
Identify Cloudflare, CloudFront, Fastly, Varnish, and other CDN providers
Protocol
HTTP/2 and HTTP/3 (QUIC) detection with Alt-Svc header analysis
Overall Scoring
Comprehensive A+ to F grade with actionable optimization recommendations
Resource Hints
Detect preconnect, preload, prefetch, dns-prefetch in HTML and Link headers
Image Optimization
WebP/AVIF, lazy loading, srcset, and missing dimension detection
Security & Rendering
HSTS, mixed content, render-blocking CSS/JS analysis
Content-Type
Content-Type validation, charset check, X-Content-Type-Options audit
HTML Weight
HTML size, DOM element count, script and style block analysis
Third-Party Domains
External domain detection — fonts, scripts, trackers, and CDN requests
More free tools
No account required. Scan any website instantly.
Certificate chain, forward secrecy, OCSP stapling, CT logs, mixed content, and cipher analysis.
SPF, DKIM, DMARC, DNSSEC, MTA-STS, BIMI, reverse DNS, SMTP STARTTLS, and more.
Full cookie inventory, pre-consent detection, GDPR compliance, and tracker mapping.
CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP, CORP, X-Content-Type-Options.
CMS, analytics (GA, Hotjar), trackers, CDN, and framework detection.
Domain/IP on Spamhaus, SpamCop, Barracuda, SORBS DNSBLs.
Open Graph, Twitter cards, canonical, robots meta, sitemap discovery.
Redirect chain and broken links on a single page.
Domain WHOIS, registrar, creation, expiration, and domain age.
Subdomains via crt.sh Certificate Transparency.
Typosquatting patterns, homoglyphs, and heuristic risk score.
4-layer brand detection: substring, fuzzy, phonetic & n-gram analysis across 200+ brands.
Composite from age, WHOIS privacy, blacklist, HTTPS.
Public counterfeit reporting portal with blockchain verification and anonymous submissions.
Verify brand ownership, authority grants, documents, and company identity on blockchain.
IP intelligence with geolocation, WebRTC leak test, timezone analysis, VPN & proxy detection, 12-database blacklist, browser privacy audit, abuse scoring, and privacy grading.
40-module deep scan — name enrichment, toxic detection, SMTP multi-pass greylisting, 121k+ disposable DB, inbox prediction, quality scoring.
Analyze multiple pages & test 90 brand protection + security patterns (abuse@, legal@, dmca@, security@). Delivery verified.
Deep compliance scanners
Full regulatory audits with remediation roadmaps, penalty estimates, and court-ready reports. Free preview with every scan.
150+ checks across 6 inspection layers with full vulnerability assessment and PDF reports.
23-article GDPR compliance audit with remediation guidance and penalty estimates.
Consent mechanism audit with dark pattern detection per EDPB guidelines.
"Do Not Sell" link, GPC signal, and privacy policy audit for California compliance.
Brazilian data protection law compliance audit with Portuguese notice validation.
French CNIL regulatory compliance analysis and cookie consent validation.