SiteCheck
Scan a site

41+ checks, every one free

Here's exactly what SiteCheck looks at when you scan a URL. No findings are locked behind a paywall.

Security

19 checks

  • Content-Security-Policy header
  • HTTP Strict-Transport-Security (HSTS)
  • X-Content-Type-Options (nosniff)
  • Clickjacking protection (X-Frame-Options / frame-ancestors)
  • Referrer-Policy header
  • Permissions-Policy header
  • HTTPS / TLS delivery
  • Cookie flags (Secure / HttpOnly / SameSite)
  • Technology & version disclosure headers
  • Inline source-map exposure
  • Exposed OpenAI / Anthropic / Stripe / AWS / Google keys
  • GitHub / Slack / SendGrid token detection
  • Private key & signing-secret detection
  • Supabase service_role & RLS configuration
  • Firebase security-rules exposure
  • Clerk auth key placement
  • Publicly served .env / .git / backups
  • Open CORS with credentials
  • CSRF token presence on forms

SEO

11 checks

  • Title tag presence & length
  • Meta description presence & length
  • Canonical URL
  • Single H1 heading
  • HTML lang attribute
  • Mobile viewport meta
  • Open Graph & Twitter cards
  • Image alt text coverage
  • Structured data (JSON-LD)
  • robots.txt
  • XML sitemap

AEO

5 checks

  • llms.txt for AI crawlers
  • AI crawler access (GPTBot / ClaudeBot / PerplexityBot)
  • FAQ / Q&A structured data
  • Extractable content depth
  • Semantic HTML structure

Health

6 checks

  • Server response time (TTFB)
  • Content compression (Brotli / gzip)
  • Caching headers
  • HTML document size
  • Script count / bloat
  • Internal linking

Run every check on your site

No signup, no credit card. 100+ checks across security, SEO, AEO & health — free forever.