50+ Signals. 13 Dimensions. One Trust Score.

Deep Infrastructure Scan

SSL validity, TLS version, HSTS, CSP quality (not just presence — we catch wildcard and unsafe-inline policies that look compliant but aren't), X-Frame-Options, and schema.org markup accuracy.

SSL validity, TLS version, HSTS, CSP quality (not just presence — we catch wildcard and unsafe-inline policies that look compliant but aren't), X-Frame-Options, and schema.org markup accuracy.

Full Core Web Vitals

All three 2024 Core Web Vitals: LCP, CLS, and INP (Interaction to Next Paint, which replaced FID in March 2024). Plus mobile viewport compliance, tap target sizing, and real server TTFB.

All three 2024 Core Web Vitals: LCP, CLS, and INP (Interaction to Next Paint, which replaced FID in March 2024). Plus mobile viewport compliance, tap target sizing, and real server TTFB.

Email Security (SPF / DKIM / DMARC)

Three DNS lookups check whether your domain is protected against spoofing and phishing. DMARC policy enforcement level is graded — p=none gets flagged as monitoring-only.

Three DNS lookups check whether your domain is protected against spoofing and phishing. DMARC policy enforcement level is graded — p=none gets flagged as monitoring-only.

Legal Compliance Depth

Detects missing Privacy Policy, Terms, Cookie Consent banners, and Impressum across 20+ languages. Cookie consent is graded by platform — IAB TCF-compliant CMPs score higher than basic banners.

Detects missing Privacy Policy, Terms, Cookie Consent banners, and Impressum across 20+ languages. Cookie consent is graded by platform — IAB TCF-compliant CMPs score higher than basic banners.

Dark Pattern Detection

50+ psychological manipulation patterns — fake scarcity timers, fake social proof popups, pre-ticked opt-ins, and deceptive price anchoring — scanned across 8 languages.

Reputation Intelligence

Cross-references Trustpilot, G2, and Capterra for your public rating, review volume, and bimodal distribution patterns (the signal that separates real reviews from injected ones).

Content Quality Analysis

Flesch readability scoring, boilerplate/duplicate content detection, thin content flagging, and H1/CTA structure checks — the signals Google uses to assess page quality.

Broken Link Scanner

Samples internal links and HEAD-checks each one. Broken internal links waste crawl budget, kill link equity, and create dead ends for buyers mid-funnel.

Threat Intelligence

Every scan runs your domain against Google Safe Browsing, abuse.ch URLhaus malware database, and ThreatFox IOC feeds — the same sources used by Chrome, Firefox, and Cloudflare.

EU DSA Compliance

Checks for Digital Services Act signals: transparency reports, designated contact points, and notice-and-action mechanisms — mandatory for platforms operating in the EU since February 2024.

AI Content Detection

Statistical analysis of sentence-length uniformity and trigram lexical diversity flags likely AI-generated text. Google's Helpful Content Update penalises sites that publish unedited AI output.

Supply Chain Security

Detects outdated JavaScript libraries with known CVEs (jQuery <3.5, Angular <1.8, Lodash <4.17.21, DOMPurify <2.3). Attackers actively exploit these to inject malicious scripts.

Deep Cookie Consent Audit

Goes beyond banner detection — checks whether analytics and tracking scripts fire BEFORE the consent platform initialises. EU DPAs have issued multi-million euro fines for this exact violation.

Web3 & Crypto Trust

Identifies cryptocurrency and DeFi sites — a vertical where 'is this legit' searches are 3× higher than e-commerce. Applies elevated security scrutiny for wallet-connecting sites.