Skip to main content

SiteGuardian Security Scanner

Technical documentation for website operators and WAF administrators

What is SiteGuardian?

SiteGuardian is an EU-based automated website security and compliance monitoring service. Our scanner checks websites for security headers, SSL/TLS configuration, DNS security, accessibility (WCAG 2.2), cookie compliance (GDPR/ePrivacy), and performance.

We operate two types of scans:

  • Customer monitoring — Websites registered by our customers for continuous monitoring (every 60 seconds uptime, hourly deep checks).
  • EU Security Benchmark — Anonymized security posture analysis across 15,000+ EU websites for industry benchmarking (weekly scans).

User-Agent Strings

SiteGuardian/1.4 (+https://siteguardian.io/bot; EU compliance & uptime monitoring)

If you see this User-Agent in your server logs, it means your website is being scanned by SiteGuardian — either through customer monitoring or as part of our EU Security Benchmark.

IP Addresses

All server-side scans originate from the following IP addresses. Browser-based scans may originate from residential IPs.

Server Scanner (Hetzner, Germany)

136.243.129.238
2a01:4f8:212:318f::2

Note: IP addresses may change. We recommend verifying the User-Agent string in combination with IP for whitelisting. This page always shows the current IPs.

Machine-readable IP list: /bot/ips.json

What does the scanner check?

Security Headers

HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, CORS

SSL/TLS

Certificate validity, TLS version, cipher suites, HSTS preload

DNS Security

DNSSEC, CAA, DANE/TLSA, MTA-STS, TLS-RPT, BIMI

Email Security

SPF, DKIM, DMARC, SMTP STARTTLS

Accessibility

WCAG 2.2 AA (axe-core), EAA / EN 301 549

Cookie Compliance

Pre-consent data transfers, CMP detection, GDPR Art. 6/7

Request Behavior

  • Server scanner sends GET and HEAD requests only
  • Browser scanner loads pages normally (GET) — no form submissions, no POST requests
  • Maximum 2 requests per minute per domain (server scanner)
  • Benchmark scans run weekly — not real-time crawling
  • The scanner respects robots.txt for the SiteGuardian user agent
  • All data is processed in the EU (Hetzner, Germany)
  • No content is stored or redistributed — only security metadata

WAF Configuration

If your Web Application Firewall blocks SiteGuardian, you can whitelist our scanner. We recommend matching both User-Agent and IP address for security.

Cloudflare

  1. Go to Security → WAF → Custom Rules
  2. Create a new rule:
    # Rule name: Allow SiteGuardian
    (http.user_agent contains "SiteGuardian")
    # Action: Skip
  3. For stricter security, combine with IP verification:
    (http.user_agent contains "SiteGuardian"
     and ip.src in { 136.243.129.238 2a01:4f8:212:318f::2 })

AWS WAF

  1. Create an IP Set with SiteGuardian IPs
  2. Create a Rule Group with:
    • String match condition: User-Agent contains "SiteGuardian"
    • IP set condition: matches SiteGuardian IP Set
  3. Add to your Web ACL with action Allow

nginx / Apache

# nginx — allow SiteGuardian before rate limiting
map $http_user_agent $is_siteguardian {
  default 0;
  "~*SiteGuardian" 1;
}

robots.txt

Our server scanner respects robots.txt. To allow SiteGuardian:

User-agent: SiteGuardian
Allow: /

To block:

User-agent: SiteGuardian
Disallow: /

Note: Customer monitoring checks (uptime, SSL expiry) do not respect robots.txt as they are explicitly configured by the website owner. Only benchmark scans respect robots.txt.

Data Handling

  • SiteGuardian is operated from Germany and processes all data within the EU.
  • We do not store page content — only technical metadata (headers, DNS records, scores).
  • Benchmark data is anonymized and aggregated by industry and country.
  • Individual scan results are never shared publicly.

Contact

Questions, concerns, or whitelisting issues:

Operator

GÜNTER WEBER
MOMMENHEIMER STRASSE 48
55129 MAINZ
Germany

Full legal notice (Impressum)