Is Your Website Visible on Google AND AI Search?

What we check: Performance, SEO, Accessibility, and Best Practices scores powered by Google Lighthouse. Measures Core Web Vitals: LCP, CLS, TBT, INP, and FCP.

Why it matters: Google uses Core Web Vitals as a ranking factor. A slow site loses visitors — 53% of mobile users leave if a page takes over 3 seconds to load. Powered by Google's own infrastructure — always accurate.

What we check: Actual performance metrics from real Chrome users visiting your site — 28-day rolling average. Shows LCP, INP, CLS, FCP, and TTFB with pass/fail assessment against Google's official thresholds.

Why it matters: This is what Google ACTUALLY uses for the Core Web Vitals ranking signal — not lab simulations, but real user data. If your CrUX metrics fail, your rankings are penalized regardless of your Lighthouse score.

What we check: Checks your URL against Google's continuously updated database of malware, phishing sites, social engineering attacks, and unwanted software.

Why it matters: If Google flags your site, Chrome shows a full-screen red warning to every visitor — destroying trust instantly. Safe Browsing status is checked in real-time by 4+ billion devices worldwide.

What we check: Checks whether Google has indexed your page, when it was last crawled, how it was crawled (mobile/desktop), mobile usability verdict, and which rich results (FAQ, Product, Review) were detected.

Why it matters: If Google hasn't indexed your page, it doesn't exist in search results. This is the same data you'd see in Google Search Console — but for any URL, instantly.

What we check: Searches Google's Knowledge Graph to see if your business is recognized as a known entity — the data that powers Knowledge Panels in Google search results.

Why it matters: Businesses in the Knowledge Graph get a prominent info panel in search results with photos, reviews, hours, and links. If Google doesn't "know" your business, you're missing this free visibility.

What we check: Scans your page title, meta description, canonical URL, viewport, robots directive, H1 tags, charset, favicon, lang attribute, Open Graph tags, and Twitter Cards.

Why it matters: Meta tags control how Google displays your site in search results and how your pages look when shared on social media. Falls back to Google Lighthouse verification when direct scanning is blocked by bot protection.

What we check: Verifies HTTPS is enabled, checks certificate issuer, validity dates, days until expiration, TLS protocol version, and HSTS configuration.

Why it matters: Chrome marks HTTP sites as "Not Secure." An expired SSL certificate takes your site offline. Direct TLS handshake check — works on every site, no bot protection issues.

What we check: Tests HTTP security headers (CSP, HSTS, X-Frame-Options, etc.) plus Google Safe Browsing malware/phishing status. For bot-protected sites, shows Safe Browsing result only.

Why it matters: Security headers prevent XSS and clickjacking attacks. Google Safe Browsing is the definitive malware check — used by Chrome, Firefox, and Safari to protect 4+ billion users.

What we check: DNS records (A, AAAA, MX, NS, TXT, CNAME), WHOIS domain registration, registrar, expiry date, nameservers, and SPF/DKIM email authentication records.

Why it matters: DNS misconfigurations cause email delivery failures and site outages. An expiring domain is a ticking bomb. Missing SPF/DKIM records mean your emails land in spam.

What we check: 38 passive security checks across all 10 OWASP 2025 categories: Broken Access Control, Security Misconfiguration, Supply Chain Failures, Cryptographic Failures, Injection, Insecure Design, Authentication Failures, Integrity Failures, Logging & Alerting, and Exception Handling.

Why it matters: The OWASP Top 10 is the global standard for web application security. We probe for exposed files (.git, .env, admin panels), vulnerable JS libraries, missing security headers, cookie misconfigurations, CORS issues, and more — all without sending attack payloads.

What we check: Checks SPF record validity, DMARC policy enforcement, DKIM selector presence, and MX records. Verifies that your domain's emails won't be marked as spam or spoofed.

Why it matters: 80% of small businesses fail email authentication. Missing SPF/DMARC means your emails go to spam, and attackers can send phishing emails pretending to be you. Google and Yahoo now require DMARC for bulk senders.

What we check: Scans cookies for security flags (HttpOnly, Secure, SameSite), detects tracking pixels (Google Analytics, Meta Pixel, HubSpot, Hotjar, TikTok), checks for cookie consent banner, privacy policy link, and GDPR/CCPA compliance indicators.

Why it matters: GDPR fines can reach 4% of annual revenue. If your site sets cookies without consent or lacks a privacy policy, you're exposed to legal action. We detect exactly what's tracking your visitors.

What we check: Crawls up to 30 internal links and images on your page, checking each for 404 errors, redirect chains, and server errors. Reports every broken link with its status code.

Why it matters: 37% of small business sites have broken links. Every 404 page is a lost customer and a negative signal to Google. Redirect chains slow down your site and waste crawl budget.

What we check: Extracts all JSON-LD schema markup from your page, identifies the types (LocalBusiness, Product, FAQ, Article, etc.), validates required properties, and checks Google Rich Results eligibility.

Why it matters: Structured data powers Google's rich results — review stars, FAQ dropdowns, product prices in search. Missing or invalid schema means you're invisible to these premium SERP features.

What we check: Identifies your CMS (WordPress, Shopify, Wix), JS frameworks (React, Vue, Angular), analytics tools, CDN provider, payment processors, chat widgets, fonts, and security tools — ~50 technology signatures.

Why it matters: Know exactly what your site (or competitor's site) is built on. Outdated technologies and excessive third-party scripts slow down your site and increase your attack surface.

What we check: Resolves your mail server IP and checks it against 30 DNS-based blacklists including Spamhaus, Barracuda, SpamCop, SORBS, UCEPROTECT, and more. Shows exactly which lists you're on.

Why it matters: If your mail server IP is blacklisted, your emails go straight to spam. 21% of legitimate emails never reach the inbox. Most businesses don't know they're blacklisted until customers stop receiving emails.