Built this after almost shipping a Stripe key in a production bundle.
It runs 6 checks in a few seconds:
- SSL Certificate - validity, expiration, protocol
- DNS Health - SPF, DKIM, DMARC (email spoofing protection)
- Security Headers - CSP, HSTS, X-Frame-Options
- Blacklist Status - spam/malware list checks
- Secret Scanner - finds leaked API keys in public JS bundles (AWS, Stripe, Firebase, etc.)
- Ghost API Hunter - exposed Swagger docs, GraphQL endpoints, debug routes
Everything gets A+ to F grades with plain English explanations.
The last two are the differentiators: most SSL checkers exist, but few tools passively scan your frontend for shipped secrets or forgotten /api endpoints.
Looking for feedback on false positive rates and what other checks would be useful.
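On the false-positive question, here is a sketch of a bundle secret check that separates real findings from keys that are meant to be public. It is an added example, not this tool's code: the rule ids, severities, function names and sample bundle are all constructed for illustration.

```javascript
// Added example: rule ids, severities and the sample bundle are constructed.
const RULES = [
  // AWS access key IDs: "AKIA" followed by 16 uppercase alphanumerics.
  { id: "aws-access-key-id", severity: "high", re: /\bAKIA[0-9A-Z]{16}\b/g },
  // Stripe live secret (sk_) and restricted (rk_) keys must never reach a browser.
  { id: "stripe-live-secret", severity: "critical", re: /\b[sr]k_live_[0-9a-zA-Z]{24,}\b/g },
  // Test-mode secrets are lower impact but still show the build leaks env vars.
  { id: "stripe-test-secret", severity: "medium", re: /\bsk_test_[0-9a-zA-Z]{24,}\b/g },
  // Firebase/Google web API keys are expected in client config: report as info only.
  { id: "google-api-key", severity: "info", re: /AIza[0-9A-Za-z_-]{35}/g },
];
// Stripe publishable keys (pk_live_...) are public by design, so no rule matches them.

// Suppress documentation placeholders and low-variety filler such as "XXXX...".
function looksLikePlaceholder(value) {
  const body = value.replace(/^[A-Za-z]+_(live|test)_|^AKIA|^AIza/, "");
  return /EXAMPLE/i.test(value) || new Set(body).size < 6;
}

// Never echo a full secret back into a report or log.
function redact(value) {
  return value.slice(0, 8) + "..." + value.slice(-4);
}

function scanBundle(source) {
  const findings = [];
  for (const rule of RULES) {
    for (const m of source.matchAll(rule.re)) {
      if (looksLikePlaceholder(m[0])) continue;
      findings.push({ rule: rule.id, severity: rule.severity, offset: m.index, match: redact(m[0]) });
    }
  }
  return findings.sort((a, b) => a.offset - b.offset);
}

// Constructed sample bundle; key bodies are assembled from filler, not real keys.
const fake = (prefix, n) => prefix + "a1B2c3D4e5F6g7H8i9J0k1L2m3N4o5P6q7R8".slice(0, n);
const SAMPLE_BUNDLE = [
  'const pub="' + fake("pk_live_", 24) + '";',          // publishable: ignored
  'const sec="' + fake("sk_live_", 24) + '";',          // critical finding
  'const doc="AKIAIOSFODNN7EXAMPLE";',                  // AWS docs placeholder: suppressed
  'const aws="' + "AKIA" + "Q7ZK2M9XW4T1B8RC" + '";',   // high finding
  'const fb={apiKey:"' + fake("AIza", 35) + '"};',      // info finding
].join("\n");

console.log(scanBundle(SAMPLE_BUNDLE));
```

Grading only on `critical` and `high` while listing `info` separately keeps expected-public keys from dragging a site's score down.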