Certificate Validation
Verify trust chain, detect self-signed certs, and issuer chain verification
Certificate Expiration
Expiration countdown with 7/30-day warnings and automatic renewal urgency
Protocol Analysis
TLS 1.2/1.3 detection, deprecated protocol warnings, ALPN negotiation check
Cipher Strength
Identify weak ciphers (RC4, DES, NULL), verify encryption bit strength
HSTS Audit
Check max-age, includeSubDomains, preload directive presence
Security Headers
CSP, X-Frame-Options, Referrer-Policy, COOP, CORP — presence and value validation
SAN Coverage
Verify domain is listed in Subject Alternative Names, wildcard matching
CAA Records
Certificate Authority Authorization records restricting certificate issuance
HTTP→HTTPS Redirect
Verify HTTP permanently redirects to HTTPS (301 vs 302 detection)
HTTP/2 & ALPN
Check HTTP/2 and HTTP/3 (QUIC) support via ALPN and Alt-Svc
Forward Secrecy
ECDHE/DHE key exchange verification — ensures past sessions stay secure if keys are compromised
OCSP Stapling
Server-side certificate revocation check during TLS handshake for faster validation
Certificate Transparency
CT log lookup via crt.sh — detects unauthorized certificate issuance for your domain
Chain Depth
Certificate chain length analysis — validates intermediates are served correctly
Cipher Category
AEAD vs CBC classification — detects ciphers vulnerable to padding oracle attacks
Mixed Content
HTML scan for insecure HTTP resources loaded on HTTPS pages
More free tools
No account required. Scan any website instantly.
SPF, DKIM, DMARC, DNSSEC, MTA-STS, BIMI, reverse DNS, SMTP STARTTLS, and more.
Waterfall timing, resource hints, image optimization, HTML weight, and third-party detection.
Full cookie inventory, pre-consent detection, GDPR compliance, and tracker mapping.
CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP, CORP, X-Content-Type-Options.
CMS, analytics (GA, Hotjar), trackers, CDN, and framework detection.
Domain/IP on Spamhaus, SpamCop, Barracuda, SORBS DNSBLs.
Open Graph, Twitter cards, canonical, robots meta, sitemap discovery.
Redirect chain and broken links on a single page.
Domain WHOIS, registrar, creation, expiration, and domain age.
Subdomains via crt.sh Certificate Transparency.
Typosquatting patterns, homoglyphs, and heuristic risk score.
4-layer brand detection: substring, fuzzy, phonetic & n-gram analysis across 200+ brands.
Composite from age, WHOIS privacy, blacklist, HTTPS.
Public counterfeit reporting portal with blockchain verification and anonymous submissions.
Verify brand ownership, authority grants, documents, and company identity on blockchain.
IP intelligence with geolocation, WebRTC leak test, timezone analysis, VPN & proxy detection, 12-database blacklist, browser privacy audit, abuse scoring, and privacy grading.
40-module deep scan — name enrichment, toxic detection, SMTP multi-pass greylisting, 121k+ disposable DB, inbox prediction, quality scoring.
Analyze multiple pages & test 90 brand protection + security patterns (abuse@, legal@, dmca@, security@). Delivery verified.
Deep compliance scanners
Full regulatory audits with remediation roadmaps, penalty estimates, and court-ready reports. Free preview with every scan.
150+ checks across 6 inspection layers with full vulnerability assessment and PDF reports.
23-article GDPR compliance audit with remediation guidance and penalty estimates.
Consent mechanism audit with dark pattern detection per EDPB guidelines.
"Do Not Sell" link, GPC signal, and privacy policy audit for California compliance.
Brazilian data protection law compliance audit with Portuguese notice validation.
French CNIL regulatory compliance analysis and cookie consent validation.