AI built your site.
Did it secure it?

Most AI-generated sites ship with misconfigured email records, weak certificate settings, and zero spoofing protection. Find out where yours stands in 4 seconds.

or see a sample report →
0
Scans today
0
Avg score (AI sites)
0
Issues surfaced this week
The problem

AI tools build fast.
They don't secure you.

Lovable, Bolt, v0, Framer, Wix AI — they'll ship a beautiful site in minutes. None of them configure your email security, pin your certificate authority, or tell you when your domain appears in a breach database. That's not a criticism. It's just not their job.

It's yours. And it takes about 4 seconds to check.

// typical AI site
SPFmissing
DMARCmissing
DKIMmissing
CAAmissing
Score41 / 100
// after Pulsar
SPFpass
DMARCenforcing
DKIM2048-bit
CAApinned
Score94 / 100
See a real report

The whole picture, on one screen.

A score, a grade, and a prioritized fix list — ranked by impact. No dashboards to learn. No jargon to decode.

pulsar.io/scan/acme.example
B−
72 / 100

acme.example

Strong certificate and DNS redundancy, but email spoofing protection needs attention.

11 passing 4 warnings 2 critical
Email spoofing
Warn
DMARC policyFail

A DMARC record exists, but the policy is p=none — failing messages are reported, not rejected. Attackers can still spoof your domain.

_dmarcv=DMARC1; p=none; rua=mailto:dmarc@acme.example

Fix: Move to p=quarantine after 30 days of clean reports, then to p=reject.

SPF recordPass
TXTv=spf1 include:_spf.google.com ~all
Open the full sample report →
What Pulsar checks

Four checks. Four seconds.
No account.

Anyone can send email as you.
Unless you stop them.

SPF, DKIM, and DMARC are the three DNS records that decide whether a scammer can impersonate your domain. Most AI-built sites have none of them. We check all three and tell you exactly what to fix.

SPFPass
DKIMPass
DMARCp=none — monitoring only
Your certificate will expire.
We'll catch it first.

A lapsed certificate takes your site offline for everyone. Hosting platforms auto-renew — until they don't. We read your cert directly and tell you the exact date you need to act by.

TLSValid
IssuerLet's Encrypt
Expires42 days
VersionTLS 1.3
Close the doors your
builder left open.

CAA records restrict which certificate authorities can issue certs for your domain. DNSSEC protects against DNS hijacking. Neither gets configured automatically. Both matter.

CAAMissing — any CA can issue
DNSSECIncomplete chain
MX3 hosts, priority set
Your email might already
be in a breach database.

Staff email addresses linked to your domain show up in third-party breaches constantly — especially when people reuse work emails on other services. We check and tell you how many.

Breaches3 corpora, 47 addresses
Oldest2019-01
Most recent2024-03
How it works

Type a domain. Read the report.
Fix the issues.

01

Enter your domain

The domain you built with AI, bought last week, or have been running for years. No account needed.

02

We check public records

DNS lookups and one TLS handshake. We never touch your servers, see your traffic, or store anything.

03

Get a prioritized report

A score, a grade, and the fixes that matter most — explained in plain English, not security jargon.

How we work

Passive. Read-only.
We never touch your servers.

Every check uses public DNS records and a standard TLS handshake — the same thing every browser does.
We never see your traffic, your mail, or anything inside your systems.
No account required. We store nothing about the domains you scan.
FAQ

Questions, answered.

My site was built by AI — why would it be insecure?
AI site builders (Lovable, Bolt, v0, Framer, Wix AI, etc.) focus on design and functionality. Email authentication records (SPF, DKIM, DMARC), certificate authority pinning (CAA), and DNSSEC setup live in your DNS — outside their scope. They're not misconfiguring you; they're just not configuring this part at all.
Is it legal to scan any domain?
Our checks are passive — the same public DNS lookups and TLS handshake any browser makes on every visit. Scan domains you own or are authorized to assess.
Do you store my results?
No. Scans run on demand and results aren't retained. There's no account and nothing to leak.
How accurate is the DKIM check?
DKIM keys live on selector names that can't be enumerated from DNS — we can't see all of them. We detect your mail provider and probe its known selectors. When we can't confirm a key but your DMARC is enforcing, we mark it "unconfirmed" rather than failing you. No false alarms.
What does the score mean?
A 0–100 hygiene score mapped to an A–F grade, weighted by severity. A failed DMARC policy costs more than a missing CAA record. Unconfirmed checks never count against you.
Is there an API?
Yes. Every scan is available as JSON at /api/scan?domain=. Metered API access is on the roadmap.

Scan your domain now.
Free. 4 seconds. No signup.