Yes. No credit card, no signup, no trial period. 100 requests/hour forever — covers both scans and API calls. The scanner is open source — you can even self-host it.
What does a scan check?
11 modules: SSL/TLS, HTTP security headers, DNS (SPF/DKIM/DMARC), HTTPS redirect, information disclosure, cookie security, DNSSEC, HTTP methods, CORS, HTML analysis, and CSP deep analysis. Total: 100 points.
How fast is a scan?
Under 1 second for the core scan. Passive recon (WHOIS, subdomains, CT logs) runs in the background and completes in 5-30 seconds.
Can I use the API commercially?
Yes. Both the scanner and API are free for commercial use. Pro provides higher rate limits (1,000/hr) and bulk scan up to 50 domains.
How do I get my API key after purchase?
After checkout, you'll be redirected to a welcome page showing your key. Save it immediately — it's shown only once for security.
Can I cancel anytime?
Yes. Cancel through the Lemon Squeezy customer portal. Your key stays active until the billing period ends.