How AcuityScan works.
One runs 350+ checks and scores your entire digital presence. Or use any of our 21+ individual tools for a quick specific lookup.
Three steps. 60 seconds.
Scan
Enter any domain. The fires 350+ checks across 8 categories simultaneously — email, DNS, SSL, performance, SEO, accessibility, privacy, and mobile.
Score
Every category gets its own 0-100 score. These feed into a unified AcuityScan Score that tells you exactly how healthy your online presence is at a glance.
Fix
Every issue comes with a plain-English explanation, its business impact, and a copy-paste fix. Export the whole report as a PDF for clients.
Two ways to use AcuityScan
Full 350+ check audit
- Unified health score weighted across all 8 categories
- All checks run in parallel — results stream in ~60 seconds
- Prioritized issues with severity, business impact, and copy-paste fixes
- Export as PDF report for clients or your team
Best for
Individual Tools
21+ standalone diagnostics- Instant answers — one tool, one question, no waiting
- Detailed raw data — DNS records, WHOIS, full headers, SMTP logs
- Troubleshooting mode — verify DNS changes, confirm delistings, check certs
Best for
What the checks
8 categories, each running dozens of individual checks in parallel.
Email Deliverability
SPF, DKIM, DMARC, MX, PTR, MTA-STS, TLSRPT, 80+ blacklists, SMTP test, Google/Yahoo 2024 compliance
DNS Health
A, AAAA, NS, MX, TXT, SOA, CAA, DS records, DNSSEC, TTL analysis, 20+ global resolver propagation, subdomains, reverse IP
Threat Intelligence
SSL/TLS certs + chain validation, security headers (CSP/HSTS/10+ more), Google Safe Browsing, CVE scan for detected tech stack, subdomain takeover detection, CORS misconfiguration, supply chain / SRI audit, breach detection, WHOIS privacy + expiry alerts
Performance
TTFB, Core Web Vitals via Google PSI, compression, CDN, images, render-blocking scripts, tech stack (60+ technologies)
Technical SEO
Title, meta description, headings, canonical, OG/Twitter, robots.txt, sitemap, Schema.org validation, broken links, noindex detection
Accessibility
Full axe-core WCAG 2.1 AA at desktop + mobile viewports, 38+ custom HTML checks, form labels, ARIA, landmarks, contrast
Privacy & Cookies
28+ tracker detection, consent banner compliance, pre-consent violations, privacy policy, CCPA, Google Consent Mode v2
Mobile & UX
Viewport, touch targets, form input types, font sizes, mobile nav, responsive images, PWA features, interstitials
Deep dive: What each category checks
Every module runs dozens of specific checks. Here is exactly what AcuityScan tests in each category.
Email Deliverability
Email authentication is the #1 factor in whether your messages reach inboxes or land in spam. AcuityScan checks every layer of your email security stack — from SPF alignment and DKIM signing to DMARC enforcement policies. We query 80+ real-time blacklists (the same ones MXToolbox uses) and verify your mail server configuration against Google and Yahoo's 2024 bulk sender requirements.
DNS Health
Your DNS configuration is the foundation everything else depends on — email delivery, SSL certificates, CDN routing, and basic website reachability. AcuityScan queries 20+ DNS resolvers worldwide (Google, Cloudflare, Quad9, OpenDNS, and regional resolvers across 6 continents) to verify your records are correct and fully propagated. We check DNSSEC signing, flag misconfigured TTLs, and detect nameserver redundancy issues.
SSL/TLS Security
An SSL certificate is the minimum — but the gap between 'has SSL' and 'properly secured' is where most websites fail. AcuityScan tests TLS protocol versions (1.0 through 1.3), analyzes cipher suite configuration for weak or deprecated ciphers, validates the full certificate chain, and checks six critical security headers. We flag everything from missing HSTS headers to certificates approaching expiry.
Performance
Page speed directly impacts revenue — Google's data shows that a 1-second delay in mobile load time reduces conversions by up to 20%. AcuityScan measures Time to First Byte, analyzes compression (gzip/brotli), detects CDN usage, audits image optimization, flags render-blocking scripts, and inventories every third-party resource loaded on your page. We also detect 60+ technologies in your stack to identify potential bottlenecks.
Technical SEO
Search visibility starts with technical foundations. AcuityScan validates your title tags, meta descriptions, heading hierarchy, canonical URLs, Open Graph tags, and structured data markup. We check your robots.txt, verify your XML sitemap, validate Schema.org JSON-LD against the official spec (not just detect it), and flag issues like missing alt text, duplicate H1 tags, and broken canonical references.
Accessibility (WCAG 2.1 AA)
Web accessibility lawsuits under ADA Title III have increased 300% since 2018. AcuityScan runs a full axe-core audit at both desktop (1280px) and mobile (390px) viewports — the same engine used by Deque, Microsoft, and Google. On top of that, we run 38+ custom checks for issues axe-core misses: empty headings, empty buttons, broken ARIA references, suspicious alt text (filenames), overly long alt text, orphaned form labels, data tables without headers, document links without format warnings, audio/video without captions, onclick without keyboard support, missing header/footer landmarks, noscript fallback, prefers-reduced-motion, and more.
Privacy & Cookies
GDPR fines exceeded €2.1 billion in 2023, and CCPA enforcement is accelerating. AcuityScan detects 28+ known tracking scripts (Google Analytics, Facebook Pixel, Hotjar, Mixpanel, and more), checks whether they load before user consent, verifies cookie consent banner presence, and looks for privacy policy and CCPA 'Do Not Sell' links. We also detect Google Consent Mode v2 implementation.
Mobile & UX
Over 60% of web traffic is mobile, and Google uses mobile-first indexing for every site. AcuityScan checks viewport configuration, touch target sizing, form input types (does your phone field trigger the number keyboard?), font sizes that cause iOS zoom bugs, mobile navigation patterns, responsive image implementation, and Progressive Web App features. We also detect intrusive interstitials that Google penalizes in search rankings.
All 21+ individual tools
Each tool gives you detailed results for one specific check — better than MXToolbox, SSL Labs, and the rest.
How AcuityScan compares
The others each do one thing well. AcuityScan gives you all of them — plus a unified score, plain-English fixes, and a shareable report — in a single 60-second scan.
| AcuityScan | MXToolbox | SSL Labs | GTmetrix | WAVE | |
|---|---|---|---|---|---|
| Primary focus | Full digital audit | Email, DNS, blacklists | TLS / SSL deep dive | Page speed | Accessibility (WCAG) |
| Categories covered | 8 | 3 | 1 | 1 (+ light SEO) | 1 |
| Unified 0–100 health score | Yes | Pass/fail | A–F grade | Letter grade | Issue count |
| Severity-ranked findings | Yes | Pass/fail | Pass/fail | Yes | Yes |
| Copy-paste fixes in report | Yes | — | — | Partial | Guidelines only |
| Shareable link / PDF export | Yes / Pro | Paid tier | Link only | Paid tier | — |
| No account (full scan) | Yes | Limited | Yes | Yes | Yes |
| Monitoring & alerts | Included in Pro | $129+/mo | — | $11+/mo | — |
| Starting paid tier | $29 / mo | $129 / mo | Free only | $11 / mo | Free only |
Comparisons based on publicly listed features as of 2026. Competitor capabilities change — if anything here is outdated, let us know.
Examples of what we catch
We see what attackers see. Most owners have no idea their domain is exposed. These are the issues we catch most often, and every one of them lets someone in when ignored.
Subdomain takeover risk
A CNAME on your domain points at a deprovisioned cloud service. Anyone who registers the orphaned resource controls the subdomain, phishing from your brand, cookie theft, search-engine poisoning.
Outdated software with known CVEs
Your server is running Apache, nginx, PHP, or OpenSSL with publicly disclosed vulnerabilities. Attackers scan for these versions automatically, the exploits are already published.
Public WHOIS exposing owner data
Your registrant name, org, and contact info are visible in public WHOIS records. That's a verified target for phishing, social engineering, and domain hijacking attempts.
Domain expiring or blacklisted
Domain expires in under 30 days, or your IP appears on an email blacklist. Both happen silently and can take you offline or kill email delivery within hours.
What makes AcuityScan different
Everything in one place
Most website checkers do one thing. AcuityScan checks email deliverability, DNS, SSL certificates, page speed, SEO, accessibility compliance, privacy regulations, and mobile responsiveness in a single scan.
Fixes, not just findings
Other scanners tell you what's wrong and leave you to figure out what to do about it. Every AcuityScan finding comes with the exact steps to fix it, including copy-paste code snippets and configuration changes.
No account required
Run your first scan without signing up, without entering a credit card, and without sitting through a sales demo. The gives you all 350+ checks, no account needed.
Actual explanations
Technical findings are translated into business impact. Instead of "HSTS header missing," you see why it matters, who it affects, and exactly how to add it.
21+ standalone tools
Need just one quick answer? Our individual tools, DNS lookup, WHOIS, blacklist check, port scanner, and 16 more, give you instant results without running a full scan.
Built for agencies
White-label reports with your branding, bulk scanning, client dashboards, and scheduled monitoring. AcuityScan is the tool behind the tool your agency sells.
REST API + MCP for AI
Agency plan includes a clean REST API and an open-source MCP server for Claude Desktop, Cursor, and Continue. Run scans from your own scripts or ask your AI in plain English, “check stripe.com's email auth.”
Your AI builds. AcuityScan audits.
Your AI fixes.
Most AI coding tools are write-and-pray, they ship code without ever seeing the live result. AcuityScan closes the loop. Your AI agent can call our scanner directly through the Model Context Protocol, catch real issues on the deployed site, and ship the fix in the same conversation.
Inside Cursor
“Check staging for SEO + accessibility regressions before I merge.”
Cursor calls acuityscan_full_scan on your preview URL, gets back 350+ checks, and writes the fixes you asked for, all without leaving the editor.
Inside Claude Desktop
“Is acme.com's email auth set up correctly?”
Claude calls acuityscan_email, returns the live SPF/DKIM/DMARC status with plain-English explanations of what to change. Mid-conversation diagnosis, not pasted log files.
Works with Claude Desktop, Cursor, Continue, and any MCP-compatible client. Get your API key on the Agency plan.
Frequently asked questions
Everything you need to know about scanning with AcuityScan.
How accurate is the AcuityScan Score?
Can AcuityScan replace Google Lighthouse?
Does scanning affect my website?
What if I disagree with a finding?
How often should I scan my site?
Ready to see your score?
60 seconds. 350+ checks. No signup required.