The free scan does five non-invasive read-only probes against a public
hostname. Nothing here triggers a WAF or generates load on your
origin.
SSL / TLS
read
Grades cert validity, expiry runway, issuer, and hostname
coverage.
Security headers
read
Counts six standard headers — HSTS, CSP, X-Frame-Options,
X-Content-Type-Options, Referrer-Policy, Permissions-Policy.
DNS
read
Pulls A, AAAA, MX, TXT, NS counts. Surface area, not data.
Tech stack
read
Identifies up to 12 framework / CDN / server signatures from
headers and HTML fingerprints.
WAF
read
Detects whether a Web Application Firewall sits in front of the
origin and names the vendor when fingerprintable.