For vendors
250+ automated checks run against your domain every month. New subdomain exposed? Source maps re-enabled after a deploy? Tracking script added without consent? The scan catches it.
April 2026 scan complete
example.com
✓ 3 findings resolved since March
+ 1 new finding: TLS 1.0 still enabled on legacy subdomain
12 findings unchanged
Score trend: 38 → 55 → 62 → 71 → 79
Grade trend: D → C → C → B → B+
You get an email when each scan completes. The dashboard shows the full trend. If something changes, the delta is highlighted.
Your CI/CD pipeline overwrites your CDN config. Source maps are public again. The next monthly scan flags it before anyone else sees it.
A developer spins up staging.yourcompany.com with default credentials. Subdomain discovery picks it up and checks for takeover risk.
Marketing installs a new analytics tool via tag manager. It fires before the consent banner loads. The scan records it with timestamps.
Your TLS certificate expires in 14 days. The scan flags it. You renew before the browser warning shows up for your customers.
A library detected in your production JavaScript has a new vulnerability published. Security Intelligence alerts you the same day.
Do not wait for next month. After fixing a finding, trigger a verification rescan to confirm it worked. Three per month included with the Monitor plan.
Fix applied: DMARC policy changed to reject
→ Verification rescan triggered
→ F-07: RESOLVED ✓
→ Score: 71 → 74 (+3 pts)
The same pipeline that runs on the first scan runs automatically every month. All external, all passive, all automated.
DMARC, SPF, DKIM, DNSSEC, CAA, MTA-STS
Certificate health, expiry, protocol versions, cipher strength
CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Permissions-Policy, Referrer-Policy
65+ common subdomains, Certificate Transparency logs, takeover detection for 16 providers
.env, .git, package.json, yarn.lock, webpack-stats.json, SSH keys, server configs
Every tracking script that fires before consent, recorded with timestamps; 30+ services detected
CMP detection (Cookiebot, OneTrust, and 10 more), reject option analysis, TCF compliance
SOC 2, ISO 27001, GDPR, HIPAA, PCI-DSS detection from trust pages and privacy policies
Full inventory of external scripts with classification (tracking, analytics, CDN, payment, chat)
S3, GCS, and Azure blob storage bucket enumeration
Framework detection from error responses, stack trace exposure in production
HIBP breach database check
Start with a free scan. Subscribe for monthly monitoring and verification rescans.
Get your free scan
Continuous monitoring: €499/mo. See pricing