Operational evidence
for your web surface.
Signed. Dated. Defensible.
Security, SEO, performance & accessibility — one report, plain English, actionable fixes. Built for security, compliance and engineering teams who need to answer the same question across every property they ship.
Every layer of your site — checked
Most tools check one thing. We run 13 simultaneous checks and return a structured, severity-ranked report — no technical knowledge required.
SSL/TLS grade, HTTP security headers, CORS policy, exposed files (.env, .git, admin panels), cookie flags, DNS security (SPF/DMARC/DKIM/MTA-STS), known JS CVEs, mixed content and Subresource Integrity (SRI).
Google PageSpeed Insights score, First Contentful Paint, Largest Contentful Paint, Total Blocking Time, Cumulative Layout Shift — powered by Google's infrastructure for consistent, reliable results.
Google PageSpeed Insights SEO score + our own content audit: page title length, meta description, H1 structure, image alt text coverage, canonical URL, Open Graph tags and Twitter Card — the details Google actually cares about.
Full WCAG 2.1 audit via Google PageSpeed Insights and axe-core: contrast ratios, missing ARIA labels, keyboard traps, skip links and form labels — violations ranked by severity.
Detects advertising, analytics and social media trackers loaded on your page. Flags GDPR / India DPDP risk and tells you exactly which third parties need a consent banner before they can load.
Identifies the CMS, frameworks, CDN, analytics tools, payment processors and server software your site uses — from HTTP headers, HTML patterns and loaded scripts. Useful for security review and vendor auditing.
- SSL / TLS Certificate
- HTTP Security Headers
- CORS Configuration
- Sensitive File Exposure
- JavaScript CVE Detection
- Mixed Content & SRI
- DNS & Email Security
- Cookie Flags
- SEO Content Audit
- Performance & SEO (PageSpeed Insights)
- Performance & SEO (PageSpeed Insights)
How it works
Any public website. Accept two quick consent checkboxes required by India's DPDP law.
Google PageSpeed Insights, axe-core, SSL Labs, retire.js, GDPR tracker detection, tech fingerprinting and more — all at the same time.
Scores, severity-ordered findings, AI-written summary and a downloadable PDF — no jargon, no guesswork.
Compliance & trust
Built for teams that need to answer compliance questions, not just pass a checkbox. Audit evidence you can actually use.
EU and India data protection. Dual consent gates, 90-day retention, right to deletion.
DPO · support@sitescanfix.com
Security, availability and confidentiality criteria.
In preparation · 2026
Every header recommendation references OWASP and RFC standards — not opinion.
OWASP reference
Control mapping included in Agency plan reports. Not ISO-certified.
Evidence export available
Run your first audit — free
No installation, no browser extension. Paste a URL, accept two consent checkboxes required by India's DPDP law, and get your report in under ten minutes.
Scan results stored in EU by default. India region available on request.
Report data auto-deleted after 90 days per DPDP requirements. Delete on demand from your dashboard.
Data Processing Addendum available for enterprise and agency plans. No email gate.
Flat monthly rate. No per-scanner fees, no hidden costs. Agency plan caps at 300 scans/month to protect margin.