Is your website secure, compliant, and AI-ready?

Audit any URL for security headers, GDPR signals, NIS2 hygiene, and AI-crawler visibility. 50 checks in about 10 seconds.

Free · No signup · No login

How it works

Three steps. About ten seconds.

Paste your URL

Any public site. We fetch your homepage, /robots.txt, /llms.txt, security.txt, and a handful of well-known paths.

50 checks run

Security headers, privacy signals, NIS2 hygiene markers, AI-crawler visibility. Each check is pass / warn / fail with a weight.

Get a score + fixes

One score per category, an overall score, and a "why this matters" plus "how to fix" paragraph on every finding.

What we check

Four categories. Open standards, vendor-neutral, no AI required to score.

Security

HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, security.txt, mixed-content, version disclosure, and more.

GDPR / Privacy

Privacy policy presence, cookie consent platform, data-controller identity, retention, data-subject rights, AI-crawler opt-out.

NIS2 hygiene

Vulnerability disclosure (security.txt + Expires), transport encryption enforcement, SRI on external scripts, infrastructure disclosure.

AI visibility

robots.txt rules for GPTBot / ClaudeBot / PerplexityBot, llms.txt presence and quality, Schema.org JSON-LD, canonical URLs.

50 signals, every scan

All the standards we check, at a glance.

HSTS CSP security.txt X-Frame-Options Referrer-Policy Permissions-Policy Mixed content Server disclosure Privacy policy Cookie consent Data controller Legal basis Retention Subject rights SRI Vulnerability disclosure robots.txt GPTBot rules ClaudeBot rules PerplexityBot rules llms.txt Schema.org JSON-LD Sitemap Open Graph Canonical URL

Why this matters

Most security breaches start with a missing basic. GDPR and NIS2 enforcement is tightening across the EU. And AI crawlers are the new SEO — your visibility to ChatGPT, Claude, and Perplexity depends on signals you can fix in an afternoon.

Audit your site →