Free Scanner Page Concept — /check
URL: compliancelayer.net/check (or /scan, /free)
Goal: #1 distribution asset. Viral loop. SEO magnet. Email capture.
Concept: Free, instant, no-signup domain scanner that shows a taste of the full product.
Why This Matters
The research is clear: a free public tool is the highest-leverage distribution asset for an API product. It:
- Captures organic search traffic ("check my domain security", "is my SSL valid", "scan my website")
- Creates a viral loop (people share their scores, compare with competitors)
- Demonstrates value before signup (show, don't tell)
- Builds backlinks naturally (bloggers link to useful free tools)
- Captures emails for drip sequence
Competitors doing this:
- SecurityScorecard has a free instant rating (but limited, requires email)
- SSL Labs (ssllabs.com) is the gold standard for SSL checking
- SecurityHeaders.com is the go-to for HTTP header checking
- MXToolbox for email/DNS checks
Our angle: Combine all of these into ONE scan, ONE score, ONE page. Nobody does that well today.
Page Structure
Above the Fold
Headline: Check your domain security — free, instant
Subhead: Get a security score for any domain in 30 seconds. DNS, SSL, open ports, and headers.
Input: [____________] [Scan Now]
Enter any domain (e.g., example.com)
Trust signals: "No signup required • Results in 30 seconds • 10,000+ domains scanned"
Results Display (After Scan)
Overall Score: Big number + grade
┌─────────────────────────────────┐
│ EXAMPLE.COM │
│ │
│ 74 │
│ C │
│ │
│ DNS: 65 (D) │ SSL: 98 (A) │
│ Ports: 80 (B) │ Headers: 55 (F)│
└─────────────────────────────────┘
Category Breakdown:
- DNS/Email: 65/100 (D) — 3 issues found
- SSL/TLS: 98/100 (A) — 0 issues found
- Open Ports: 80/100 (B) — 1 issue found
- HTTP Headers: 55/100 (F) — 4 issues found
Top Issues (Expandable):
- ⚠️ No DMARC policy — email can be spoofed [Learn how to fix →]
- ⚠️ Port 22 (SSH) exposed — consider restricting access [Learn more →]
- ⚠️ Missing HSTS header — vulnerable to downgrade attacks [Learn more →]
- ⚠️ No Content-Security-Policy — XSS risk [Learn more →]
Email Capture CTA
After results display:
Want the full report?
Get detailed findings, remediation steps, and track this domain over time.[Email] [Get Full Report]
Free account includes 10 scans/day. No credit card required.
Social Sharing
Below results:
[Share on Twitter] [Share on LinkedIn] [Copy Link]
Pre-populated tweet:
"Just scanned [domain] with @compliancelayer — got a [grade]. Free instant security check: compliancelayer.net/check?d=[domain]"
SEO Content Section (Below Fold)
H2: What does this security scan check?
Body:
ComplianceLayer's free scanner checks your domain across four categories:
DNS & Email Security
We verify SPF, DMARC, and DKIM records that protect your domain from email spoofing. Over 59% of small business domains have no DMARC policy — meaning anyone can send email that appears to come from them.
SSL/TLS Configuration
We check certificate validity, chain issues, protocol versions, and cipher strength. An expired or misconfigured SSL certificate breaks trust with visitors and can impact SEO.
Open Ports
We scan for commonly exploited services like RDP (3389), SSH (22), SMB (445), and database ports. 7% of small businesses have RDP exposed directly to the internet — a primary ransomware attack vector.
HTTP Security Headers
We verify HSTS, Content-Security-Policy, X-Frame-Options, and other headers that protect against common web attacks. Only 23% of sites have HSTS enabled.
Schema Markup (For SEO)
{
"@context": "https://schema.org",
"@type": "WebApplication",
"name": "ComplianceLayer Free Domain Scanner",
"url": "https://compliancelayer.net/check",
"description": "Free instant security scan for any domain. Check DNS, SSL, open ports, and HTTP headers.",
"applicationCategory": "SecurityApplication",
"operatingSystem": "Web",
"offers": {
"@type": "Offer",
"price": "0",
"priceCurrency": "USD"
}
}
Technical Implementation
Frontend
- Single-page React component
- Domain input with validation (strip protocols, reject private IPs)
- Loading state with progress indicator
- Results render client-side from API response
- Mobile-responsive
Backend
- Rate limit: 3 scans/hour per IP (no auth required)
- Partial results: DNS + SSL + Headers only (no port scan without auth — too expensive)
- Full port scan: Requires free account signup
- Results cached for 24 hours per domain
Analytics
- Track: scans started, scans completed, email captures, signups
- Funnel: scan → email capture → signup → paid conversion
Viral Loop Mechanics
- User scans their domain → sees score
- User shares score → competitor/colleague sees it
- Competitor scans their domain → compares
- Both sign up for monitoring → recurring usage
Amplification tactics:
- "Your competitor scored higher" messaging (if we have data)
- Badge embed code ("Secured by ComplianceLayer — Score: A")
- Monthly "State of SMB Security" report using aggregate data
Keywords This Page Targets
- "check domain security"
- "website security scan free"
- "is my SSL valid"
- "check DNS security"
- "scan my website for vulnerabilities"
- "domain security score"
- "free security audit website"
- "check if my email can be spoofed"
- "DMARC checker"
- "HTTP security headers check"
Launch Priority
This page should be live at or before Product Hunt launch. It's the single most important conversion asset outside the main landing page.
MVP version:
- Domain input + scan button
- Basic results display (overall score + 4 categories)
- Email capture for full report
- No social sharing (add later)
Full version:
- Everything above
- Historical comparison ("scan again, see improvement")
- Badge embed code
- PDF export
Last updated: 2026-03-07
Built by ComplianceLayer — scan any domain for security compliance in seconds. Get your free API key.
Top comments (0)