SSL expiry, privacy policy, Impressum, cookie banners — checked 24/7 across every site you own. Try a free check or start the full account in one click.
No signup needed for the free tools.
Features
One platform to monitor all aspects of your website's legal and security compliance.
Get alerts before your SSL certificate expires. Never let a lapsed cert take your site offline.
Automatically finds Privacy Policy, Terms of Service, Impressum, and more across your site.
Verifies GDPR-compliant consent banners with working accept and reject options.
AI-powered quality scoring of your legal documents ensures they meet regulatory standards.
Visual proof of compliance status timestamped and stored for audit trails.
13 regions with native-language keyword detection for localised compliance checking.
Manually accept scan results you consider valid. Future scans with the same result inherit your decision.
Security Audit
Verified domain owners get a dedicated audit suite on top of compliance monitoring — owner-triggered checks gated by DNS-TXT ownership proof so no one can point them at a site they don't control.
CSP, HSTS, X-Frame-Options and friends — audit the full browser-hardening set.
Probes .env, .git, backup archives and 20+ other leak-prone paths.
Protocol version, cipher suite and certificate chain — SSL Labs-style grade.
SPF, DMARC, DKIM and CAA records — email-spoofing and misissuance exposure.
TCP probe of FTP, SSH, database and alt-HTTP ports that shouldn't be public.
Scans third-party scripts against known-vulnerable versions (jQuery, Bootstrap, Lodash and more).
Permutes your domain and flags registered look-alikes that could be used for phishing.
Ownership-proof gate
Every scan requires an active DNS-TXT verification on the domain. No way to weaponise it against a third party.
Owner-triggered only
These checks never run on a schedule — they go off only when the verified owner clicks Run scan.
Tier-gated, upgrade-friendly
Start free with Security Headers. Upgrade later to unlock TLS, DNS, JS CVE and typosquat protection.
How It Works
Enter your URL and select your target region. We handle the rest.
Our scanners check SSL, legal pages, and cookie consent every hour.
See compliance status, fix issues, and download evidence reports.
Pricing
Start free, upgrade when you need more.
Free
Free forever
Pro
For growing teams
Business
For agencies & SaaS
Ultra
For enterprise
Trusted by teams across Europe
13
Regions
24/7
Monitoring
100%
AI-Powered
✓
GDPR Ready
Start monitoring in under 2 minutes. No credit card required.
Get Started FreeFAQ
No. The free tools accept a URL, run the scan, return the result, and only keep it briefly (about 15 minutes) so we can skip duplicate scans. We don't create an account or send marketing email based on tool usage.
The tools run a single one-shot check per request — no JavaScript rendering, no AI. A free account adds continuous 24/7 monitoring across all your sites, real-browser scans that handle JavaScript-rendered pages, AI policy review against GDPR / TMG, and email + Slack alerts when something breaks.
GDPR (EU/EEA), Germany TMG §5 (Impressum), UK GDPR + PECR, Switzerland nDSG, and ePrivacy variants across DE / FR / ES / IT / NL / PL. SSL checks are region-agnostic. Region-specific rule packs can be requested on the Business plan.
Free tool: a static fingerprint scan against the 12 most common consent platforms (OneTrust, Cookiebot, Usercentrics, Iubenda, etc.). Paid plans load the page in a real browser, accept and reject the banner programmatically, and verify that no third-party cookies are dropped before consent.
Data is processed and stored on EU servers in Germany. Payment processing and tax collection are handled by an external Merchant of Record. Our full data-processing agreement is available at /dpa.
Yes — the Business plan exposes a REST API and outbound webhooks for every scan result and status change, so you can feed compliance data into Linear, Slack, PagerDuty, or your own dashboard.
The AI is a guide, not a lawyer. It flags clauses that are missing or vague against the relevant statute and points you to the exact GDPR / TMG article. We always recommend running material findings past your privacy counsel before publishing changes.