Skip to main content

Every capability, grouped by what you need it for.

From the free scan to audit-ready evidence. Each card shows which plan includes it.

Scan your site — free See pricing
Uptime Security posture Email & DNS Cookies & consent Compliance Alerts & team Enterprise

Uptime & availability

Continuous watching — needs an account and a registered monitor. The free scanner only gives you a point-in-time grade.

HTTP uptime monitoring
Monitor
Response-time tracking with down-rechecks. Every 5 min on Monitor, every 1 min on Compliance.
Incident lifecycle
Compliance
Auto-open and auto-resolve incidents with severity, duration tracking, and MTTR metrics.
Domain & SSL expiry alerts
Monitor
Ongoing WHOIS/RDAP tracking plus certificate expiry notifications at 30 / 14 / 7 days.
Heartbeat / cron monitoring
Enterprise
Ping endpoint for background jobs and scheduled tasks — alert when a cron stops reporting in.
Keyword monitoring
Enterprise
Assert required text is present, forbidden text is absent — catches silent defacement.
Maintenance windows
Monitor
Schedule downtime in advance — no false alerts, no status-page drama during planned work.
Synthetic monitoring
Enterprise
Multi-step HTTP transactions — login flow, checkout, API sequences. Up to 10 steps per monitor.
Multi-region checks
Enterprise
Distributed monitoring from EU-Central, US-East, AP-South — detect regional outages.

Security posture

Every EU-relevant transport, header, and hosting check — with a grade and an industry benchmark.

Security grade (A–F)
Free scan
Composite score from 14+ checks — HSTS, CSP, TLS, DNSSEC, email auth. Compared against the EU benchmark.
Risk scoring (26 factors)
Free scan
0-100 risk score with exponential time-decay and 4 severity tiers — drives the rest of your alerts.
TLS / SSL certificate
Free scan
Key strength, signature algorithm, chain depth, expiry — plus TLS version negotiation checks.
Security headers
Free scan
HSTS, CSP, X-Frame-Options, X-Content-Type, Referrer-Policy, Permissions-Policy validation.
CSP violation reports
Compliance
Ingest browser-reported CSP violations, aggregate and deduplicate. 10M/mo Compliance.
IP / ASN / hosting intel
Monitor
Server geolocation, ASN org, hosting-provider identification — plus GDPR server-location vs company-HQ analysis.
Homepage accessibility check
Monitor
WCAG 2.2 AA audit of the domain homepage in a real browser — included with the paid Report and refreshed weekly on Monitor+.
Pre-consent transfer detection
Compliance
Detect third-party data transfers before cookie consent — CDN, fonts, analytics. GDPR Art. 44 exposure.
Hosting & data residency
Compliance
Two-dimensional hosting analysis: where the server lives vs where the company is headquartered (Schrems II / CLOUD Act).

Email deliverability & DNS security

Catch the silent failures: emails landing in spam, DNS records that quietly changed, missing DNSSEC.

SPF / DKIM / DMARC
Monitor
Email authentication validation — syntax, policy, alignment, multiple selectors.
SMTP STARTTLS probing
Monitor
Probes MX hosts for STARTTLS support, TLS version, and certificate validity.
MTA-STS & TLS-RPT
Monitor
Inbound TLS policy enforcement and TLS reporting for encrypted mail delivery.
DNS blacklist checks
Monitor
Cross-reference your sending IPs against major DNSBL providers — catch reputation drops early.
DNSSEC validation
Monitor
Cryptographic DNS signature validation — detect DNS hijack or chain-of-trust breakage.
CAA records
Monitor
Certificate-issuance authorisation — prevent rogue certs from being issued for your domain.
DANE / TLSA
Monitor
DNS-based TLS public-key pinning — defence-in-depth beyond the CA trust chain.
Global DNS consistency
Monitor
Query from multiple resolvers and geographies — catch partial rollouts and stale records.

Cookie consent & privacy (CMP)

Self-hosted consent management — no third-party scripts, no data leaving the EU.

Basic consent banner
Compliance
Self-hosted, GDPR-ready banner with Accept/Reject. 2M consents/month on Compliance.
Full styling + Consent Mode v2
Compliance
Custom CSS, 8 EU languages, Google Consent Mode v2.
Consent proof export
Compliance
Per-consent audit record with timestamp + IP + browser signature. PDF/CSV export for auditors.
IAB TCF v2.3 mode (planned)
Compliance
Publisher-grade __tcfapi + TC String + Global Vendor List + AC String. Engine complete; pending IAB Europe CMP registration before live activation.
Cookie auto-detect
Compliance
Scan your site for cookies set before consent — classify by category and vendor.
GPC / DNT respect
Compliance
Honour Global Privacy Control and Do-Not-Track signals automatically.
Continuous consent scan
Compliance
Daily re-scan of cookies, vendors, and data-transfer destinations — drift alerts when things change.
Evidence Vault integration
Compliance
Consent proofs flow into the compliance evidence vault for audit-ready documentation.

EU compliance & evidence

Supports organisations with obligations under NIS2 · DORA · GDPR · DSA · CRA · EAA. SiteGuardian doesn't make you compliant — it documents the monitoring so you can prove it when the auditor calls.

17 EU frameworks
Compliance
GDPR, NIS2, DORA, CRA, EAA, ISO 27001, SOC 2, BSI, TTDSG, DSA, DDG, AI Act, PCI DSS, Cyber Essentials, TISAX, C5, ENS.
Jurisdiction-aware (27 EU states)
Compliance
Country-specific framework activation, national laws, CSIRT/DPA contacts, NIS2 entity severity.
Integrated ISMS
Compliance
Risk register, policy repository, CAPA tasks, RACI matrix, management review, one-click evidence pack. No second platform needed.
Accessibility auditing (WCAG 2.2 AA)
Compliance
Weekly WCAG 2.2 AA audit across every registered domain's homepage — real browser, single-page-app aware (React, Vue, Angular). EN 301 549 mapping. For full-site crawls see the one-time EAA Site Audit.
Compliance questionnaire wizard
Compliance
140 questions across 16 domains, 9 frameworks. Severity-weighted scoring with gap analysis.
Governance document generation
Compliance
Auto-generate ROPA (Art. 30), DPIA (Art. 35), Risk Treatment Plan, Management Review, SoA, Breach Register.
NIS2 supply chain risk
Compliance
7-factor weighted supplier profiles with maturity classification and risk heat maps.
DORA ICT register
Compliance
Art. 28(3) ICT third-party provider register with materiality classification.
Digital AVV / DPA
Compliance
Data Processing Agreements with digital signature, tamper-evident audit trail, and export.
Audit log (SHA-256 chain)
Compliance
Tamper-evident audit trail — every action SHA-256 hash-chained and exportable.
SLA reports
Compliance
Uptime %, downtime, p50/p95/p99 response times, daily breakdown — exported as PDF or CSV.
Audit-grade PDF export
Compliance
Full compliance report with jurisdiction context, control analysis, digital integrity proof.
Change calendar
Compliance
ITIL-style change management with approval workflows, scheduling, and retrospective linking.
Evidence management
Compliance
Upload and link evidence files to controls and questionnaire answers. Encrypted at rest.
Evidence in reports
Compliance
Compliance and SLA reports embed linked evidence automatically — no manual copy-paste.
Regulatory auto-classification
Compliance
Incidents are auto-linked to the frameworks they touch — NIS2 reporting clocks, DORA tickets, GDPR notices.

Alerting, team & public pages

Route the right alert to the right person on the right channel — and show your customers what's up.

Email alerts
Monitor
Instant notifications when something goes down, expires, or fails validation.
Interactive Telegram bot
Monitor
/status, /monitors, /mute with inline action buttons and daily digests. (/incidents available on Compliance.)
Webhooks
Monitor
Cryptographically-signed outbound webhooks for custom integrations. 5 per plan on Monitor.
Slack / Teams / Discord / PagerDuty
Compliance
Multi-channel notifications with severity routing and channel-per-monitor config.
Teams & RBAC
Compliance
Organisations with role-based access: owner, admin, member, viewer. Audit log per action.
Alert rules & escalation
Compliance
Conditional alerting with severity routing, time-based escalation, and on-call schedules.
On-call management
Enterprise
Rotation schedules with handoff notifications and manual override.
Anomaly detection
Compliance
Automatic detection of response-time spikes across your monitors — catches degradation before thresholds fire.
Problem management
Compliance
Group related incidents into problems with root-cause tracking — ITIL-aligned.
Service catalog
Compliance
Map services to monitors with ownership, criticality, and dependencies.
Knowledge base
Compliance
Internal KB for runbooks, procedures, and troubleshooting notes — linked to services.
Public status pages
Compliance
Uptime history, active incidents, and embeddable SVG badges.
Custom status page branding
Compliance
White-label with your logo, colours, and custom domain.
Monthly reports
Monitor
Automated email summary on the 1st — uptime, incidents, notable changes.

Enterprise scale & integrations

Distributed identity, scoped capacity, and the integration surface that bigger organisations need.

REST API (460+ routes)
Enterprise
Full API access with API-key authentication for automation and CI/CD integrations.
SAML 2.0 SSO
Enterprise
Enterprise single sign-on with Okta, Azure AD, Google Workspace.
OIDC SSO
Enterprise
OpenID Connect SSO alongside SAML for IdP flexibility.
SCIM 2.0 provisioning
Enterprise
Automated user + group provisioning from your identity provider.
SMS & voice alerts
Enterprise
Critical alerts via SMS and automated voice calls for on-call escalation.
White-label status pages
Enterprise
Fully white-labelled status pages with your custom domain and branding.
Runbooks
Enterprise
Automated runbook matching to incident signatures, plus CRUD for operational procedures.
False-positive rate trends
Enterprise
Rolling-window FP rate analysis and trend API for tuning detection thresholds.

Platform — included on every plan

Security, privacy, and EU data residency by default. No tracking. No compromises.

EU data residency
Germany (Hetzner). No third-country transfers. No CLOUD Act exposure.
2FA authentication
Optional TOTP for all accounts. Mandatory on the Compliance plan.
8 languages
EN, DE, FR, ES, IT, NL, PL, PT with multi-domain i18n.
Security headers
Enterprise-grade browser security headers on every SiteGuardian page.
Zero-downtime deploys
Rolling deploys — your monitoring never stops for our releases.
Altcha CAPTCHA
Self-hosted proof-of-work. No third-party dependency. Privacy-first.
Free security scanner
Public scanner — security headers, TLS, DNS, email, accessibility, cookies. No login required.
EU industry benchmark
Anonymised weekly data across 46 000+ European sites — see where you stand by industry and country.

See what's broken. Fix what matters.

Start with a free scan — no account needed. Upgrade when you need ongoing monitoring.

Scan your site — free See pricing