41+ checks, every one free
Here's exactly what SiteCheck looks at when you scan a URL. No findings are locked behind a paywall.
Security
19 checks
- Content-Security-Policy header
- HTTP Strict-Transport-Security (HSTS)
- X-Content-Type-Options (nosniff)
- Clickjacking protection (X-Frame-Options / frame-ancestors)
- Referrer-Policy header
- Permissions-Policy header
- HTTPS / TLS delivery
- Cookie flags (Secure / HttpOnly / SameSite)
- Technology & version disclosure headers
- Inline source-map exposure
- Exposed OpenAI / Anthropic / Stripe / AWS / Google keys
- GitHub / Slack / SendGrid token detection
- Private key & signing-secret detection
- Supabase service_role & RLS configuration
- Firebase security-rules exposure
- Clerk auth key placement
- Publicly served .env / .git / backups
- Open CORS with credentials
- CSRF token presence on forms
SEO
11 checks
- Title tag presence & length
- Meta description presence & length
- Canonical URL
- Single H1 heading
- HTML lang attribute
- Mobile viewport meta
- Open Graph & Twitter cards
- Image alt text coverage
- Structured data (JSON-LD)
- robots.txt
- XML sitemap
AEO
5 checks
- llms.txt for AI crawlers
- AI crawler access (GPTBot / ClaudeBot / PerplexityBot)
- FAQ / Q&A structured data
- Extractable content depth
- Semantic HTML structure
Health
6 checks
- Server response time (TTFB)
- Content compression (Brotli / gzip)
- Caching headers
- HTML document size
- Script count / bloat
- Internal linking