I Made a Free Tool That Roasts Your Website's Health in 20 Seconds

Source: Dev.to

Introduction

I built a free website‑health scanner that checks for broken assets, SSL issues, missing security headers, and more. In just 20 seconds you can get a health report for any URL—no signup, no email required.

Try it:

How the Scanner Works

1. Fetches the page and enumerates every sub‑resource (scripts, stylesheets, images).
2. Validates each asset to ensure it returns a successful response.
3. Checks SSL certificate validity, expiry, and chain completeness.
4. Inspects response headers for security policies (e.g., HSTS, CSP, X‑Frame‑Options).
5. Validates structured data, Open Graph tags, and canonical URLs.
6. Looks for robots.txt and sitemap.xml files.

The results are returned as a prioritized report—critical issues first, informational findings last—written in plain language.

Common Findings

1. Broken Assets

• Images returning 404 – cosmetic but can affect user experience.
• Deleted scripts still referenced in HTML – can break page functionality (e.g., checkout forms).
• Stylesheets pointing to moved fonts – results in fallback fonts.

Roughly 30 % of sites scanned have at least one missing asset, and many owners are unaware.

2. SSL Certificate Problems

• Certificates about to expire – 88 % of companies experienced an outage from an expired cert in the past two years (Keyfactor 2024).
• Incomplete certificate chains – Chrome may work, but Safari shows warnings.
• Domain‑mismatched certificates after migrations.

The scanner flags certificates expiring within 30 days and verifies chain completeness.

3. Mixed Content

• HTTPS pages loading resources over HTTP – browsers block these silently, causing images or fonts not to render for first‑time visitors.
• Common on WordPress sites after SSL migration due to hard‑coded http:// URLs in the database.

4. Missing Security Headers

Almost every site scanned is missing at least two critical headers. Run a quick check on your own site:

curl -sI https://yoursite.com | grep -iE "strict-transport|content-security|x-frame|x-content-type|referrer-policy"

If the output is mostly empty, you lack basic protections against XSS, clickjacking, and MITM attacks. Adding these headers typically takes about 15 minutes.

5. SEO‑Related Issues

• Missing Open Graph tags – shared links appear bare on LinkedIn, Twitter, Slack.
• Malformed JSON‑LD – prevents rich snippets.
• Incorrect canonical URLs – splits SEO value across duplicate pages.

These issues don’t crash the site but make it invisible to search engines and social platforms.

6. Sitemap Problems

• Missing or 404 sitemap.xml – especially on SPA/Jamstack sites where the build pipeline forgets to generate or update the sitemap.

Why Standard Uptime Checks Miss These Issues

A typical uptime monitor only verifies that the server returns a 200 OK status. It won’t detect:

• Missing assets that still allow the page to load.
• Expired or misconfigured SSL certificates.
• Security headers or SEO metadata problems.

Thus, a site can appear “green” while harboring multiple hidden issues.

Using the Scanner

1. Visit .
2. Paste any URL and start the scan.
3. Review the prioritized report and follow the plain‑language recommendations to fix each issue.

The scan is a one‑time checkup. For continuous monitoring—receiving alerts as soon as a problem appears—consider the full Sitewatch service, which checks from multiple regions and notifies you before users notice.

---

All findings are based on real scans of production sites. No additional tools or sign‑ups are required.