LetCheck
FREE · NO LOGIN REQUIRED · v1.0

Scan any website or app.
Know its risk in 60 seconds.

LetCheck runs a deep, non-intrusive audit covering security headers, SSL, SEO, performance, WHOIS ownership, hosting provider, tech stack, and email DNS — then explains everything in plain language.

no login · no exploitation · no intrusion · read-only defensive scan

// scan_modules

Nine inspection layers, one report.

Security headers

HSTS, CSP, X-Frame, cookie flags, server disclosure, mixed content.

SSL / HTTPS

Protocol enforcement, secure cookies, HTTP→HTTPS redirect hygiene.

SEO

Titles, meta, headings, canonical, OG, Twitter cards, JSON-LD, robots, sitemap.

Performance

TTFB, payload size, compression, caching, external script count.

Accessibility

Viewport, lang, alt text, semantic structure, favicon, manifest.

Email DNS

SPF, DMARC, MX — spoofing & phishing surface.

Domain & WHOIS

Registrar, registrant, country, age, expiry, nameservers.

Hosting & IP

Resolved IP, ISP, ASN, geolocation, reverse DNS.

AI briefing

Executive summary, risk-ranked actions, business impact.

// ai_engine

An analyst that explains, prioritizes, and recommends.

Every scan is interpreted by an AI engine that turns raw findings into an executive briefing, a prioritized action list, and concrete remediation guidance — written in plain language.

  • Risk-ranked findings with business impact
  • Plain-language explanations for non-technical stakeholders
  • Concrete remediation steps engineers can ship
  • Executive summary ready to share
letcheck.log
> GET https://example.com  200 OK  142ms
✓ TLS 1.3
✗ missing  strict-transport-security
✗ missing  content-security-policy
✓ x-content-type-options: nosniff
✗ server header exposes: nginx/1.18.0
✓ <title> present (52 chars)
✗ /sitemap.xml not found
✓ SPF record found
✗ no DMARC policy
WHOIS: GoDaddy · age 6.2 yrs · expires 2026-03
Host: Cloudflare · AS13335 · US

[score]   security: 58   seo: 74   perf: 81
[ai]      Posture is moderate. The most urgent
          gap is the missing CSP — once added,
          the site moves from 58 → 78 on
          security. Two quick wins remain in
          SEO (sitemap, canonical).

// digital_intelligence

Beyond checks — the full footprint of any target.

Every scan collects the resources a site is built on: domain ownership, hosting provider, IP geolocation, tech stack, plugins and third-party APIs it depends on.

Domain WHOIS

Registrar, registrant, country, registration date, expiry, age, nameservers.

Hosting & IP

Resolved IP, ISP, hosting provider, ASN, geolocation, reverse DNS.

Tech fingerprint

CMS (WordPress, Shopify, Drupal…), frameworks, libraries, analytics, payments.

Third-party APIs

External scripts, trackers, fonts, CDNs — every domain a visitor's browser contacts.

// full_report

Everything about any link — in one place.

We tell you what the site is doing right just as clearly as what it's doing wrong, so you know exactly where to focus next.

  • Issues ranked by severity (critical → low)
  • Passing checks listed as proof of compliance
  • Domain WHOIS, hosting provider, ASN & geolocation
  • Tech stack & plugin fingerprinting
  • Third-party services & data-sharing surface
  • Downloadable PDF report
sample_report
overall
74
security
62
seo
88
performance
71
hosting
Cloudflare
registrar
GoDaddy
stack
WordPress, jQuery
age
6.2 yrs
HTTPS enforced
Compression: br
✗ Missing Content Security Policy
✗ No DMARC record
⚠ Cookies missing SameSite

Ready to inspect any link?

Free, instant, no account needed. Paste any URL and get your full report.