1. 1We run 140+ read-only checks across ~20 categories — TLS, DNS, HTTP headers, email auth, exposed files, tech fingerprinting, reputation and more.
2. 2Every request is a normal GET, a DNS query or a TLS handshake — the kind of traffic ordinary visitors and search engines already generate.
3. 3We never send exploit payloads, log in, or change state, so it is safe to run on any domain without authorisation — and you get an instant grade plus an optional AI report.

What it doesn’t do: Because it is read-only it cannot confirm exploitability — for proof-of-concept confirmation use the Full (Active) scan.