Skip to main content
EU-hosted in Germany. Privacy controls built in. No tracking.

See what's broken on your website.
Fix what matters before your customers notice.

Your SSL expired. Your emails hit spam. A security header disappeared after the last deploy. Find out what's broken now — and know before your customers do next time.

Free instant security check — no account needed

See your security grade and every issue in 30 seconds.

Use SiteGuardian in your AI workflow

Query SiteGuardian from Claude Desktop, Cursor, Claude Code, Windsurf, and VS Code.

  • Scan any domain (no account needed)
  • Check your monitored domains' current grade
  • See what changed since last week
  • Get copy-paste fix snippets for open issues
Add to Cursor
Endpoint: https://siteguardian.io/mcp Learn more in the docs →
siteguardian.io/dashboard
Running live checks on siteguardian.io…

Things break silently

Your SSL expired at 3 AM. Your domain lapsed. Your emails hit spam. You found out from your customers.

Infrastructure decays silently. Certificates expire, DNS records drift, email reputation degrades. Most teams don't notice until customers complain — or leave.

'Your connection is not private'

SSL expired overnight. Every visitor sees a browser warning. Google flags your site. Trust gone before breakfast.

This domain has expired

The renewal email went to spam. The domain lapsed. Your business address now shows a parking page — or worse, someone else registered it.

'We never got your email'

SPF broke during a DNS migration. Invoices and onboarding emails have been hitting spam for two weeks. Nobody told you.

Is the site down for everyone?

Your server ran out of memory at peak traffic. Users left. You found out 47 minutes later from a Slack message.

You won't notice until users complain. We tell you before that happens.

Free scan to find what's broken now. €29*/month to make sure it stays fixed.

Free instant scan

See your most critical issues in seconds.

Enter your domain. We show you what's broken — the full report explains how to fix each one, in which order. Based on weekly scans of 816,129+ European websites — we know where the typical gaps are.

Security grade (A–F)

An overall score from 14 checks — SSL, headers, DNS, email authentication, and more. See at a glance where you stand.

SSL & domain status

Certificate expiry, HTTPS enforcement, TLS configuration. Know before your visitors see a browser warning.

Email deliverability

SPF, DKIM, DMARC — the settings that decide whether your emails reach inboxes or hit spam. Checked in seconds.

Missing protections

Security headers, DNSSEC, MTA-STS — the protections that should be there but often aren't. Every gap flagged with severity.

EU regulation tagging

Findings tagged by framework — see which gaps matter for NIS2, DORA, GDPR, CRA, or EAA. Informational, not legal advice.

Diagnosis is free. Therapy costs.

Get your report with actionable, step-by-step fixes.

Ready-to-paste nginx, Apache, and DNS config for every issue. Priority order with effort estimates. PDF you can send straight to your developer — €29*, one-time.

Scan your site now — free, no account needed

Things break again.

You won't notice until users complain. We tell you before that happens.

A deployment overwrites a header. A DNS migration drops a record. A certificate renews with the wrong config. Most teams find out from customer emails — days later. We find out in minutes and alert you. Every alert is verified by a second check, so you're not paged for transient issues.

We monitor what typically breaks

Security headers

HSTS, CSP, X-Frame-Options — disappear after deploys. We catch it.

SSL & TLS

Expiry, weak ciphers, cert-chain errors. Before visitors see a warning.

Email authentication

SPF, DKIM, DMARC. When they break, your invoices hit spam silently.

DNS

Records drifting, DNSSEC dropping, subdomain takeover risks.

Cookies & consent

Tracking that fires before consent. Reject buttons that don't work.

Third-party scripts

New scripts appearing on your site. Supply-chain code you didn't add.

Each check runs at the right cadence — uptime every minute, security posture every 6 hours, SSL every 12 hours. Not everything at max frequency, but everything often enough to catch what matters.

Start with a free scan — monitoring from €29*/month

When you need to prove it

We document everything automatically — so you have evidence when asked.

When the auditor asks for your continuous monitoring logs, your supply chain risk assessment, or your SLA reports — you don't want to be scrambling through spreadsheets. Every check, every alert, every incident: logged, timestamped, signed. Ready when you need it.

Supports organisations with obligations under NIS2 · DORA · GDPR · DSA · CRA · EAA

EU regulatory frameworks

GDPR, NIS2, CRA, EAA, and more. Automated checks map your monitoring data against each framework's requirements — so you can see where you stand.

Evidence vault & audit logs

Every check, every alert, every incident — logged and timestamped. Downloadable compliance reports, SLA documentation, and a full audit trail.

Supply chain monitoring

NIS2 requires monitoring of critical suppliers. DORA demands an ICT vendor register. Track vendor security and document risk — from the same dashboard.

SiteGuardian doesn't make you compliant — that's your organisation's job. What it does is document your monitoring continuously, so you have evidence when you need it.

Includes integrated ISMS — no second platform needed.

Built-in ISMS

Risks, actions, policies, evidence — connected to live monitoring data.

An ISMS that verifies from live monitoring data — not just from answered questionnaires. Every risk, every control, every policy is backed by continuously verified technical evidence. The auditor doesn't have to trust you — they can verify.

Risk Register

Auto-fed from failing controls. 5x5 heatmap. Auto-closes when the issue is fixed. No manual upkeep needed.

Policy Repository

Versioned, approved, acknowledged. 7 starter templates. Edit a published policy — it auto-creates a new draft version with full history.

Corrective Actions

Critical control fails auto-create a task with owner and deadline. Fix the issue, the task closes itself. Closure evidence for the auditor.

One-Click Evidence Pack

ZIP with risks, policies, tasks, incidents, audit log, RACI matrix — SHA-256 signed. Hand it to the auditor, done.

Drift Detection

TLS config changed? New cookie appeared? DNSSEC dropped? We detect it, log it, alert you. Continuous verification — not a quarterly form.

Management Review

ISO 27001 Clause 9.3 in one click. Score trends, top risks, task status, incident count — generated from live data, not a questionnaire.

Try the free scanner See all compliance features

Trusted by data

816,129+

European websites scanned

30

Industries tracked

33

European countries

EU

Data residency (Germany)

30s

Fastest check interval

9

Alert channels

17

Regulatory frameworks

17+

Security checks per scan

Hosted in Germany (Hetzner) No third-party data storage No tracking scripts 2FA available on all plans DPA/AVV signing built in

FAQ

Frequently asked questions

What does the free scan check?

SSL certificates, domain expiry, HTTPS enforcement, security headers, email authentication (SPF/DKIM/DMARC), DNS security, MTA-STS, and more. You get an A-to-F grade and a list of every issue found — free, no account needed.

What's the difference between the scan and the report?

The free scan shows your security grade and every issue with severity. The report (€29) adds prioritized fix recommendations with step-by-step guidance, compliance framework mapping, and a PDF you can share with your team or auditor.

Where is my data stored?

All data is stored in Germany on Hetzner infrastructure. No third-country transfers. No third-party analytics or tracking. EU data residency by design.

Does SiteGuardian make me compliant?

No. Compliance is your organisation's responsibility. SiteGuardian documents your monitoring continuously and generates evidence reports — so you have audit-ready documentation when you need it.

Which regulatory frameworks are supported?

Core EU regulations — GDPR, NIS2, CRA, and EAA — plus their national implementations are included in the Compliance plan. Sector-specific frameworks like DORA, PCI DSS, ISO 27001, BSI C5, and TISAX are available as add-on packs.

How fast are the monitoring checks?

Different checks run at different cadences — tuned to how fast each thing actually changes. Uptime: every 5 minutes (Starter) or every minute (Pro / Compliance). Security posture (headers, DNSSEC, grade): every 6 hours. SSL & TLS: every 12 hours. Email authentication: every 12 hours. Domain expiry: daily. Alerts fire immediately when a check detects a state change — verified by a second check before a security alert goes out, to avoid false positives.

Can I try it without signing up?

Yes. The free scanner on this page gives you an instant security check — no account needed. The EU Security Benchmark is also freely accessible.

Is there a free plan?

The free scan is our entry point — run it as often as you like, no account needed. For ongoing monitoring, plans start at €29/month. Existing free plan users keep their access.

Pricing

Start with a free scan. Pay when you need more.

No account needed for the scan. No credit card to start.

Monthly Yearly (save 17%)
Starter

1 monitor, 5-min checks, monthly deep scan

29€* /mo
Pro Recommended

10 monitors, 1-min uptime, drift alerts, CSP, API

59€* /mo
Compliance

50 monitors, 17 EU frameworks, evidence vault, ISMS

199€* /mo

Need more than 50 monitors, multi-region, or quote-based contract? See Enterprise →

* All prices include VAT where applicable.

See what's broken.
Fix what matters. Keep it monitored.

Free security scan. Paid report with fix guidance. Ongoing monitoring from €29/month. EU-hosted in Germany.

Scan your site — free View EU Security Benchmark