Compare
Why not just use the free checkers?
SSL Labs, Security Headers, and MDN HTTP Observatory are excellent. We recommend them, we use them ourselves. Here's where Vantyris goes further and where the free tools are still the right call.
| Capability | SSL Labs | Security Headers | MDN Observatory | Vantyris |
|---|---|---|---|---|
| TLS / SSL grade | ✓ Deep | - | - | ✓ Standard |
| HTTP security headers | Partial | ✓ Deep | ✓ Standard | ✓ Standard |
| Cookies + CORS analysis | - | - | ✓ Standard | ✓ Standard |
| Port discovery | - | - | - | ✓ Bounded |
| Known web vulns (signed templates) | - | - | - | ✓ Curated |
| Email security (SPF/DKIM/DMARC) | - | - | - | ✓ Standard |
| DNS hygiene / CAA | - | - | - | ✓ Standard |
| Attack-surface map (IPs, NS, MX, DNSSEC, registrar, age, subdomains) | - | - | - | ✓ NCSC EASM |
| Reputation: Safe Browsing + Spamhaus + SURBL + others | - | - | - | ✓ 6 lists |
| Supply-chain: third-party scripts + SRI checks | - | - | - | ✓ Per script |
| Privacy: pre-consent trackers, cookie banner, IAB TCF | - | - | - | ✓ Surface scan |
| Technology fingerprinting (CMS, framework, versions) | - | - | - | ✓ Standard |
| 9-axis category-coverage grid | - | - | - | ✓ Per scan |
| Fix Roadmap (today / this week / later, by owner) | - | - | - | ✓ Built-in |
| Typed owner + effort enums per finding | - | - | - | ✓ Every finding |
| Plain-English remediation | Partial | Partial | Partial | ✓ Every finding |
| Cyber Essentials A1-A5 mapping | - | - | - | ✓ Per finding |
| CISA KEV + priority scoring | - | - | - | ✓ Composite |
| Workflow + comments + audit trail | - | - | - | ✓ Every finding |
| Score trend chart over time | - | - | - | ✓ Per target |
| Four PDF layouts (full / exec / work order / compliance) | - | - | - | ✓ One scan |
| Public trust page + share links | - | - | - | ✓ Time-limited |
| Continuous monitoring + alerts | - | - | - | ✓ Optional |
| Portfolio view + bulk re-scan | - | - | - | ✓ Workspace |
| Read-only API for CI / SOC | - | - | - | ✓ Bearer token |
| White-label PDF + trust page | - | - | - | ✓ Pro / Agency |
| Free to use | ✓ | ✓ | ✓ | Teaser free · verified from €10 |
If you only need to check your TLS configuration, SSL Labs is the right tool, please use it. The same goes for Security Headers for HTTP headers and MDN Observatory for a cross-cutting cookie + headers review.
Vantyris exists for owners who want every category checked together, the findings explained in language they can use with their web host, and the whole thing in one PDF they can hand to their accountant or insurer. We unify what the free tools introduced, the grade letter, the plain explanation, the actionable fix, and bind it to a remediation library across more checks than any single free tool covers.
Where Vantyris pulls away from the free tools is at the post-scan layer. A workflow you can triage in (mark fixed, accept with reason, assign to a contact email, comments, audit history). Three PDF layouts from the same scan (full editorial, executive one-page, single-issue work order). Continuous monitoring with alerts only on the three signals that move the needle. A public trust page or a watermarked time-limited share link to put in front of an insurer or a customer's procurement team without an account on either side. A read-only API for the people who script their security work. The free tools answer "is my site configured correctly?"; Vantyris answers "how do I run a security baseline as a business owner, and how do I prove it?"
We're also explicit about what we don't do. Vantyris is not a penetration test, not a compliance certification, and not a replacement for an in-house security team if you have one. The free tools and Vantyris cover overlapping ground; the question is whether stitching together four tabs and four mental models pays off vs paying €10 for one report.
See a real example: sample report.