Getting Started with CloviScan¶
What This Tool Does¶
CloviScan checks any website for common security vulnerabilities — SSL certificate health, security headers, DNS configuration, malware blacklists, open ports, and known software flaws — then rolls the results into a single 0–100 score with a letter grade. It is built for site owners, developers, and web agencies who need a fast, plain-English answer to "how secure is this site?" No software is installed on the site being scanned.
Quick Start¶
- Enter a domain. Go to CloviScan and type the domain you want to audit (for example,
example.com). No account is needed for your first free scan. - Run the scan. Click Run Free Scan. The scan takes 30–90 seconds while CloviScan checks your SSL certificate, response headers, DNS records, and external security databases.
- Read your score and top findings. Your results page shows a 0–100 score, a letter grade (A–F), and findings sorted by severity. Each finding includes a plain-English explanation of the problem and a specific step to fix it.
- Enable weekly monitoring (Pro). To receive alerts when your score changes or a critical issue appears, upgrade to Pro and turn on automated weekly monitoring for any domain.
Core Features¶
Security Score and Grading¶
Every scan produces a 0–100 score and an A–F letter grade. The score accounts for all active scan categories; critical findings subtract a fixed penalty regardless of other results. Track the score over time or share it with stakeholders without needing to interpret raw technical data.
Eight Scan Categories¶
CloviScan checks eight security areas: SSL/TLS health, HTTP security headers, DNS configuration, malware and blacklist status, open port detection, CMS and plugin version checks, cookie security flags, and CVE vulnerability scanning. All eight categories are available on every plan during your 7-day free trial and after it converts. Higher plans (Pro, Agency) add unlimited deep scans, real-time monitoring, more team seats, API access, and longer report retention. Each category produces its own sub-score so you know exactly where to focus first.
Plain-English Findings with Fix Steps¶
Every finding uses plain language before showing technical detail. A missing HSTS header is described as "Your site does not enforce HTTPS connections — browsers can be tricked into using an insecure version of your site," not as a raw header string. A specific remediation step follows every finding. Raw technical output (header values, CVE IDs) is available in an expandable section for developers.
Automated Weekly Monitoring¶
Register any domain for automated re-scans. If your score drops ten or more points versus the prior scan, or a new critical finding appears, CloviScan sends an email alert with the exact change. Real-time monitoring is available on Pro and Agency plans.
White-Label PDF Reports (Pro & Agency)¶
Export any scan result as a branded PDF with your own logo in place of CloviScan branding. The report includes the score gauge, a categorized findings table, severity badges, and remediation steps — ready to include in client deliverables.
Tips for Best Results¶
- Scan before you launch. SSL certificates, DNS records, and server headers are easy to misconfigure during setup and easy to verify before sending traffic.
- Fix Critical and High findings first. An active blacklist hit or expired certificate has an outsized score penalty and the greatest impact on visitor trust.
- Re-scan after applying fixes. CloviScan does not auto-update your score. Run a new scan after a fix to confirm the issue is resolved.
- Monitor all your active domains. Subdomains and staging environments go unmonitored longest and are common entry points for problems.
- Use scan history to show progress. The per-domain score timeline makes security improvements concrete when reporting to clients or management.
Frequently Asked Questions¶
Does CloviScan install anything on my site? No. It scans from the outside, exactly as a browser would. No credentials or server access are required.
Is there a free plan? No. CloviScan has four paid plans — Lite ($19), Starter ($39), Pro ($99), and Agency ($299) — and each comes with a 7-day free trial with full access to that plan's limits. Cancel before day 7 at no charge; otherwise your trial auto-converts to the plan you chose. A free email-gated instant sample scan is also available on the home page (a preview, not a plan).
How do the plans differ? Lite covers 1 deep scan and 10 instant scans per month across 3 domains (1 seat). Starter raises that to 3 deep scans, 10 domains, and 3 seats. Pro removes deep-scan limits and adds real-time monitoring, API access (60 req/min), 10 seats, and 365-day retention. Agency adds a multi-site client pool, white-label reports, a higher API rate (120 req/min), and 25 seats. See the per-plan limits table for the full ladder.
How long does a scan take? Most scans finish in 30–90 seconds. Scans that include port and CVE checks may take up to two minutes depending on server response speed.
Can I share scan results with someone else? Yes. Every completed scan has a read-only shareable link. Recipients can view the full results page without an account.
What should I do if my site appears on a malware blacklist? Audit your site for injected malicious code (check recently modified files and database content), remove any malicious content, then submit a review request to the flagging database. The finding card in CloviScan links to the review request process for the most common databases.
Usage Limits by Plan¶
| Feature | Free | Pro | Business |
|---|---|---|---|
| Monthly price | $0 | $19/mo | $49/mo |
| On-demand scans | 1/month | Unlimited | Unlimited |
| Domains | Up to 5 | Up to 50 | Unlimited |
| Scan categories | 3 (SSL, Headers, DNS) | All 8 | All 8 |
| Weekly automated monitoring | No | Yes | Yes |
| Scan history | 30 days | 12 months | 12 months |
| Email alerts | No | Yes | Yes |
| White-label PDF export | No | No | Yes |
| API access | No | No | Yes |
| Team seats | 1 | 1 | 10 |