It runs 6 checks in a few seconds:
* SSL Certificate - validity, expiration, protocol - DNS Health - SPF, DKIM, DMARC (email spoofing protection) * Security Headers - CSP, HSTS, X-Frame-Options * Blacklist Status - spam/malware list checks * Secret Scanner - finds leaked API keys in public JS bundles (AWS, Stripe, Firebase, etc.) * Ghost API Hunter - exposed Swagger docs, GraphQL endpoints, debug routes
Every scan gets A+ to F grades with plain English explanations as to why you'd care.
The last two are the differentiators, most SSL checkers exist, but few tools passively scan your frontend for shipped secrets or forgotten /api endpoints.
Looking for feedback on false positive rates and what other checks would be useful.