Documentation
Domain Intelligence
Concurrent WHOIS, DNS, SSL, HTTP header, screenshot, reputation, email security, subdomain, certificate transparency, BGP/ASN, technology fingerprinting, and threat intelligence lookups for any domain.
https://api.securityaccelerated.com v0.51.0
support@securityaccelerated.com
Authentication
All requests require an API key passed via the X-API-Key header:
X-API-Key: your-api-key-here| Scenario | Response |
|---|---|
| Missing API key | 401 Unauthorized |
| Invalid API key | 401 Unauthorized |
| Feature not included in plan | 403 Forbidden |
Plans
Feature access and limits are determined by your API key's plan.
| Free | Basic | Pro | |
|---|---|---|---|
| Rate limit | 5 req/min | 30 req/min | 120 req/min |
| Max domains per request | 1 | 5 | 20 |
| WHOIS, DNS, SSL, Headers | Included | Included | Included |
| Email Security | Included | Included | Included |
| Subdomains | Included | Included | Included |
| CT Logs | Included | Included | Included |
| BGP / ASN | Included | Included | Included |
| Fingerprint | Included | Included | Included |
| Screenshot | -- | -- | Pro |
| Reputation | -- | -- | Pro |
| Threat Intelligence | -- | -- | Pro |
Pricing
Get started with a free plan or upgrade for higher limits and premium features.
| Plan | Features | |
|---|---|---|
| Free | 5 req/min, 1 domain/request, core lookups | Included with any API key |
| Basic | 30 req/min, 5 domains/request, core lookups + email security, subdomains, CT logs, BGP, fingerprint | Subscribe |
| Pro | 120 req/min, 20 domains/request, all lookups including screenshot, reputation, and threat intel | Subscribe |
After subscribing, your API key will be shown on a one-time confirmation page. Save it immediately -- it cannot be retrieved again.
Already a subscriber? Manage your subscription
Rate Limiting
Requests are rate-limited per API key using a sliding window. Every response includes rate limit headers:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests allowed per minute |
X-RateLimit-Remaining | Requests remaining in the current window |
Retry-After | Seconds until the window resets (only present on 429 responses) |
When the limit is exceeded, the API returns 429 Too Many Requests. Wait until the Retry-After period expires before retrying.
Domain Intelligence
POST
/v1/domain/lookup
Look up one or more domains concurrently. Returns WHOIS, DNS, SSL, and HTTP header data by default for each domain. Optional flags enable additional lookups. All lookups run concurrently with a 30-second timeout.
Request Body
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
domains |
string[] |
Required | -- | Domain names to look up. Max count depends on plan (1 / 5 / 20). |
screenshot |
bool |
Optional | false |
Capture a page screenshot. Pro |
reputation |
bool |
Optional | false |
Check domain against threat blocklists. Pro |
email_security |
bool |
Optional | false |
Check SPF, DMARC, and DKIM records. |
subdomains |
bool |
Optional | false |
Enumerate subdomains via Certificate Transparency logs. |
ct_logs |
bool |
Optional | false |
Query Certificate Transparency logs for issued certificates. |
bgp |
bool |
Optional | false |
Look up BGP/ASN information for the domain's IP addresses. |
fingerprint |
bool |
Optional | false |
Detect web technologies from HTTP response headers. |
threat_intel |
bool |
Optional | false |
Query threat intelligence feeds (VirusTotal, URLhaus, AlienVault OTX). Pro |
Domain Normalization
Domain names are normalized automatically. You can pass bare domains or full URLs with any scheme — the API extracts the hostname by stripping scheme prefixes, userinfo, ports, paths, query strings, and fragments. The result is lowercased. The domain field in the response shows exactly what was looked up. Raw IP addresses are rejected — use the IP Intelligence endpoint instead.
| You send | We look up |
|---|---|
example.com | example.com |
https://example.com/path?q=1 | example.com |
ftp://example.com | example.com |
example.com:8080 | example.com |
user:pass@example.com | example.com |
Example.COM/ | example.com |
Example
curl -X POST https://api.securityaccelerated.com/v1/domain/lookup \
-H 'Content-Type: application/json' \
-H 'X-API-Key: your-api-key' \
-H 'X-Client-Request-ID: req-001' \
-d '{
"domains": ["example.com"],
"email_security": true,
"subdomains": true
}'import requests
resp = requests.post(
"https://api.securityaccelerated.com/v1/domain/lookup",
headers={
"X-API-Key": "your-api-key",
"X-Client-Request-ID": "req-001",
},
json={
"domains": ["example.com"],
"email_security": True,
"subdomains": True,
},
)
if resp.status_code != 200:
print("Error:", resp.json()["error"])
else:
results = resp.json()
for result in results:
print(result["domain"], result["dns"]["a"])package main
import (
"bytes"
"encoding/json"
"fmt"
"net/http"
)
func main() {
body, _ := json.Marshal(map[string]any{
"domains": []string{"example.com"},
"email_security": true,
"subdomains": true,
})
req, _ := http.NewRequest("POST",
"https://api.securityaccelerated.com/v1/domain/lookup",
bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
req.Header.Set("X-API-Key", "your-api-key")
req.Header.Set("X-Client-Request-ID", "req-001")
resp, err := http.DefaultClient.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
var apiErr map[string]string
json.NewDecoder(resp.Body).Decode(&apiErr)
fmt.Println("Error:", apiErr["error"])
return
}
var results []map[string]any
json.NewDecoder(resp.Body).Decode(&results)
fmt.Println(results[0]["domain"])
}Response Structure
The response is always a JSON array, even for single-domain requests. Each element contains the core lookup results plus any optional fields that were requested.
[
{
"domain": "example.com",
"cache_hit": false,
"whois": { ... },
"dns": { ... },
"ssl": { ... },
"headers": { ... },
"email_security": { ... },
"subdomains": { ... },
"threat_intel": { ... },
"errors": []
}
]Optional fields (screenshot, reputation, email_security, subdomains, ct_logs, bgp, fingerprint, threat_intel) are only present in the response when requested.
Invalid Domains
Invalid domains in a multi-domain request do not fail the entire request. They are included in the response with a validation error while valid domains return normally:
[
{
"domain": "example.com",
"cache_hit": false,
"whois": { "domain_name": "example.com", ... },
"dns": { ... },
"ssl": { ... },
"headers": { ... }
},
{
"domain": "notadomain",
"errors": [{ "lookup": "validation", "message": "invalid domain name" }]
}
]Response Fields
whois -- Domain Registration
| Field | Type | Description |
|---|---|---|
domain_name | string | The registered domain name |
registrar | string | Registrar (e.g., GoDaddy, Namecheap) |
created_date | string | Registration date -- new domains are higher risk |
updated_date | string | Last modification date |
expiry_date | string | Expiration date -- expiring domains are red flags |
status | string[] | EPP status codes (e.g., clientTransferProhibited) |
name_servers | string[] | Authoritative DNS servers |
registrant | object | Registrant contact (name, organization, country, email) |
admin | object | Administrative contact |
tech | object | Technical contact |
{
"domain_name": "example.com",
"registrar": "RESERVED-Internet Assigned Numbers Authority",
"created_date": "1995-08-14T04:00:00Z",
"updated_date": "2024-08-14T07:01:38Z",
"expiry_date": "2025-08-13T04:00:00Z",
"status": ["clientDeleteProhibited", "clientTransferProhibited"],
"name_servers": ["a.iana-servers.net", "b.iana-servers.net"],
"registrant": { "organization": "REDACTED FOR PRIVACY", "country": "US" }
}Contact fields are often redacted by WHOIS privacy services.
dns -- DNS Records
| Field | Type | Description |
|---|---|---|
a | string[] | IPv4 addresses |
aaaa | string[] | IPv6 addresses |
mx | object[] | Mail servers (host, priority) |
ns | string[] | Name servers |
txt | string[] | TXT records (SPF, verification tokens, etc.) |
cname | string | Canonical name alias |
{
"a": ["93.184.216.34"],
"aaaa": ["2606:2800:220:1:248:1893:25c8:1946"],
"mx": [{ "host": "mail.example.com", "priority": 10 }],
"ns": ["a.iana-servers.net", "b.iana-servers.net"],
"txt": ["v=spf1 -all"]
}ssl -- TLS Certificate
| Field | Type | Description |
|---|---|---|
subject | string | Entity the certificate was issued to |
issuer | string | Certificate authority |
not_before | string | Start of validity period |
not_after | string | End of validity period |
expired | bool | Whether the certificate has expired |
days_until_expiry | int | Days remaining until expiration |
sans | string[] | Subject Alternative Names -- all hostnames the cert covers |
serial_number | string | Certificate serial number |
signature_algorithm | string | Cryptographic algorithm (e.g., SHA-256) |
{
"subject": "www.example.org",
"issuer": "DigiCert Global G2 TLS RSA SHA256 2020 CA1",
"not_before": "2024-01-30T00:00:00Z",
"not_after": "2025-03-01T23:59:59Z",
"expired": false,
"days_until_expiry": 142,
"sans": ["www.example.org", "example.net", "example.org"],
"serial_number": "0F:BE:08:B0:85:4D:05:73:8A:B0...",
"signature_algorithm": "SHA256-RSA"
}headers -- HTTP Response
| Field | Type | Description |
|---|---|---|
status_code | int | HTTP status code (200, 301, 404, etc.) |
headers | object | Raw response headers as key-value pairs |
security_headers | object | Security header audit (see below) |
Security Headers Checked
| Field | HTTP Header |
|---|---|
strict_transport_security | Strict-Transport-Security (HSTS) |
content_security_policy | Content-Security-Policy (CSP) |
x_frame_options | X-Frame-Options |
x_content_type_options | X-Content-Type-Options |
x_xss_protection | X-XSS-Protection |
referrer_policy | Referrer-Policy |
permissions_policy | Permissions-Policy |
{
"status_code": 200,
"headers": {
"Server": "ECAcc (dcd/7D5A)",
"Content-Type": "text/html; charset=UTF-8",
"Cache-Control": "max-age=604800"
},
"security_headers": {
"strict_transport_security": "max-age=31536000",
"x_content_type_options": "nosniff",
"x_frame_options": "DENY"
}
}screenshot -- Page Screenshot Pro
| Field | Type | Description |
|---|---|---|
status_code | int | HTTP status code from probing the domain |
png | string | Base64-encoded PNG image (empty for non-200 responses) |
{
"status_code": 200,
"png": "iVBORw0KGgoAAAANSUhEUgAA..."
}Tries HTTPS first, then falls back to HTTP. Captured at 1280x720 with headless Chrome.
reputation -- Domain Reputation Pro
| Field | Type | Description |
|---|---|---|
score | int | Risk score from 0 (clean) to 100 (maximum risk) |
risk | string | clean, low, medium, or high |
providers | array | Per-provider results |
Provider Result
| Field | Type | Description |
|---|---|---|
listed | bool | Whether the domain appears on this blocklist |
category | string | Classification if listed (e.g., phishing, malware) |
provider | string | Blocklist name |
return_code | string | Raw DNS return code (only when listed) |
{
"score": 35,
"risk": "medium",
"providers": [
{ "listed": true, "category": "phishing", "provider": "spamhaus_dbl", "return_code": "127.0.1.4" },
{ "listed": false, "provider": "surbl" },
{ "listed": false, "provider": "uribl" },
{ "listed": false, "provider": "spamhaus_zen" }
]
}Providers
The following blocklists are checked: Spamhaus DBL, SURBL, URIBL, and Spamhaus ZEN.
Risk Levels
| Risk | Score Range |
|---|---|
| clean | 0 |
| low | 1 -- 29 |
| medium | 30 -- 59 |
| high | 60 -- 100 |
email_security -- Email Authentication
spf -- Sender Policy Framework
| Field | Type | Description |
|---|---|---|
raw | string | Full SPF TXT record |
version | string | SPF version (typically spf1) |
mechanisms | string[] | Parsed mechanisms (include:, ip4:, etc.) |
all | string | Terminal qualifier: -all, ~all, ?all, or +all |
dmarc -- DMARC Policy
| Field | Type | Description |
|---|---|---|
raw | string | Full DMARC TXT record |
version | string | DMARC version (typically DMARC1) |
policy | string | none, quarantine, or reject |
pct | int | Percentage of messages the policy applies to |
rua | string | Aggregate report destination |
ruf | string | Forensic report destination |
sp | string | Subdomain policy |
dkim -- DKIM Records
| Field | Type | Description |
|---|---|---|
selector | string | Selector name probed |
found | bool | Whether a DKIM record exists for this selector |
raw | string | Full DKIM TXT record (only when found) |
{
"spf": {
"raw": "v=spf1 include:_spf.google.com -all",
"version": "spf1",
"mechanisms": ["include:_spf.google.com"],
"all": "-all"
},
"dmarc": {
"raw": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
"version": "DMARC1",
"policy": "reject",
"rua": "mailto:dmarc@example.com"
},
"dkim": [
{ "selector": "google", "found": true, "raw": "v=DKIM1; k=rsa; p=MIGf..." },
{ "selector": "default", "found": false }
]
}DKIM probes 8 common selectors:
google, default, selector1, selector2, k1, s1, mail, dkim.subdomains -- Subdomain Enumeration
| Field | Type | Description |
|---|---|---|
count | int | Number of subdomains returned |
capped | bool | true if results were truncated at the cap (500) |
subdomains | array | Discovered subdomains |
Subdomain Entry
| Field | Type | Description |
|---|---|---|
domain | string | The subdomain |
source | string | Data source (crt.sh) |
{
"count": 3,
"capped": false,
"subdomains": [
{ "domain": "www.example.com", "source": "crt.sh" },
{ "domain": "mail.example.com", "source": "crt.sh" },
{ "domain": "api.example.com", "source": "crt.sh" }
]
}ct_logs -- Certificate Transparency Logs
| Field | Type | Description |
|---|---|---|
count | int | Number of certificate entries returned |
capped | bool | true if results were truncated at the cap (100) |
entries | array | Certificate log entries, sorted newest-first |
CT Log Entry
| Field | Type | Description |
|---|---|---|
logged_at | string | When the certificate was logged to CT |
not_before | string | Certificate validity start |
not_after | string | Certificate validity end |
issuer | string | Certificate Authority |
common_name | string | Certificate CN field |
name_value | string | All names covered by the certificate |
serial | string | Certificate serial number |
{
"count": 2,
"capped": false,
"entries": [
{
"logged_at": "2024-01-15T00:00:00",
"not_before": "2024-01-15T00:00:00",
"not_after": "2025-04-15T23:59:59",
"issuer": "Let's Encrypt",
"common_name": "example.com",
"serial": "abc123def456"
}
]
}Reveals infrastructure, related domains, and issuance patterns. Useful for detecting phishing campaigns and tracking certificate history.
bgp -- BGP / ASN Enrichment
| Field | Type | Description |
|---|---|---|
records | array | ASN records, deduplicated by ASN |
ASN Record
| Field | Type | Description |
|---|---|---|
ip | string | Resolved IP address |
asn | int | Autonomous System Number |
prefix | string | IP prefix (CIDR notation) |
country | string | Country code |
registry | string | Regional Internet Registry (arin, ripe, apnic, etc.) |
description | string | Organization name |
{
"records": [
{
"ip": "93.184.216.34",
"asn": 15133,
"prefix": "93.184.216.0/24",
"country": "US",
"registry": "arin",
"description": "EDGECAST, US"
}
]
}Identifies who owns the IP behind the domain. Useful for pivot analysis and detecting bulletproof hosting.
fingerprint -- Technology Fingerprinting
Detects web servers, frameworks, CDNs, CMS platforms, and programming languages from HTTP response headers. No extra HTTP requests are made -- detection uses the headers already fetched. Approximately 90 technologies are covered.
| Field | Type | Description |
|---|---|---|
count | int | Number of detected technologies |
technologies | array | Detected technologies |
Technology Entry
| Field | Type | Description |
|---|---|---|
name | string | Technology name (e.g., Nginx, PHP, Cloudflare) |
category | string | Category (see below) |
version | string | Version extracted from header value (empty if not detectable) |
confidence | string | Which signal matched: header or cookie |
{
"count": 2,
"technologies": [
{ "name": "Nginx", "category": "web-server", "version": "1.25.3", "confidence": "header" },
{ "name": "Cloudflare", "category": "cdn", "version": "", "confidence": "header" }
]
}Categories
web-server, language, framework, cdn, cms, analytics, security, hosting, cache, javascript, other
threat_intel -- Threat Intelligence Pro
Queries external threat intelligence feeds concurrently and returns an aggregated risk assessment. Three providers are queried: VirusTotal (70+ antivirus engines), URLhaus (Abuse.ch malware URL database), and AlienVault OTX (community threat pulses).
| Field | Type | Description |
|---|---|---|
risk_level | string | Aggregate risk: none, low, medium, high, or critical |
score | int | Weighted aggregate score (0--100) |
categories | string[] | Merged threat categories across all providers |
providers | array | Per-provider results (see below) |
Provider Result
| Field | Type | Description |
|---|---|---|
provider | string | Provider name: virustotal, urlhaus, or alienvault_otx |
detected | bool | Whether the provider flagged this domain |
score | int | Provider-specific score (0--100). Omitted when not detected. |
categories | string[] | Threat categories from this provider. Omitted when not detected. |
details | string | Human-readable summary (e.g., "3/70 engines detected this domain"). Omitted when not detected. |
{
"risk_level": "medium",
"score": 45,
"categories": ["malware"],
"providers": [
{
"provider": "virustotal",
"detected": true,
"score": 3,
"categories": ["malware"],
"details": "3/70 engines detected this domain"
},
{
"provider": "urlhaus",
"detected": false
},
{
"provider": "alienvault_otx",
"detected": true,
"score": 20,
"categories": ["malware"],
"details": "5 threat pulses reference this domain"
}
]
}Scoring
The aggregate score is a weighted average across providers: VirusTotal (50%), URLhaus (30%), AlienVault OTX (20%). Risk levels map from the aggregate score: 0 = none, 1--20 = low, 21--50 = medium, 51--80 = high, 81--100 = critical.
errors -- Partial Failures
Individual lookups can fail without blocking the rest of the response. Each error contains:
| Field | Type | Description |
|---|---|---|
lookup | string | Which lookup failed (e.g., whois, dns, ssl) |
message | string | Human-readable error description |
Full Response Example
A complete response with all optional features enabled (screenshot, reputation, email_security, subdomains, ct_logs, bgp, fingerprint, threat_intel):
[
{
"domain": "example.com",
"cache_hit": false,
"whois": {
"domain_name": "example.com",
"registrar": "RESERVED-Internet Assigned Numbers Authority",
"created_date": "1995-08-14T04:00:00Z",
"expiry_date": "2025-08-13T04:00:00Z",
"name_servers": ["a.iana-servers.net", "b.iana-servers.net"]
},
"dns": {
"a": ["93.184.216.34"],
"aaaa": ["2606:2800:220:1:248:1893:25c8:1946"],
"ns": ["a.iana-servers.net", "b.iana-servers.net"],
"txt": ["v=spf1 -all"]
},
"ssl": {
"subject": "www.example.org",
"issuer": "DigiCert Global G2 TLS RSA SHA256 2020 CA1",
"not_after": "2025-03-01T23:59:59Z",
"expired": false,
"days_until_expiry": 142,
"sans": ["www.example.org", "example.net", "example.org"]
},
"headers": {
"status_code": 200,
"headers": { "Server": "ECAcc (dcd/7D5A)" },
"security_headers": {
"strict_transport_security": "max-age=31536000",
"x_content_type_options": "nosniff"
}
},
"screenshot": {
"status_code": 200,
"png": "iVBORw0KGgoAAAANSUhEUgAA..."
},
"reputation": {
"score": 0,
"risk": "clean",
"providers": [
{ "listed": false, "provider": "spamhaus_dbl" },
{ "listed": false, "provider": "surbl" },
{ "listed": false, "provider": "uribl" },
{ "listed": false, "provider": "spamhaus_zen" }
]
},
"email_security": {
"spf": { "raw": "v=spf1 -all", "version": "spf1", "all": "-all" },
"dmarc": { "raw": "v=DMARC1; p=reject", "version": "DMARC1", "policy": "reject" },
"dkim": [{ "selector": "default", "found": false }]
},
"subdomains": {
"count": 2,
"capped": false,
"subdomains": [
{ "domain": "www.example.com", "source": "crt.sh" },
{ "domain": "mail.example.com", "source": "crt.sh" }
]
},
"ct_logs": {
"count": 1,
"capped": false,
"entries": [
{ "logged_at": "2024-01-15T00:00:00", "issuer": "Let's Encrypt", "common_name": "example.com", "serial": "abc123" }
]
},
"bgp": {
"records": [
{ "ip": "93.184.216.34", "asn": 15133, "prefix": "93.184.216.0/24", "country": "US", "description": "EDGECAST, US" }
]
},
"fingerprint": {
"count": 1,
"technologies": [
{ "name": "ECAcc", "category": "cdn", "version": "", "confidence": "header" }
]
},
"threat_intel": {
"risk_level": "none",
"score": 0,
"providers": [
{ "provider": "virustotal", "detected": false },
{ "provider": "urlhaus", "detected": false },
{ "provider": "alienvault_otx", "detected": false }
]
},
"errors": []
}
]Caching
Results are cached for 60 minutes. The cache_hit field on each response indicates whether data was served from cache or fetched live.
Error Handling
| Status | Meaning |
|---|---|
400 Bad Request | Invalid request body, missing domains field, or invalid domain name |
401 Unauthorized | Missing or invalid API key |
403 Forbidden | Your plan does not include this endpoint or feature |
413 Content Too Large | Request body exceeds the 1 MB limit |
429 Too Many Requests | Rate limit exceeded -- check the Retry-After header |
500 Internal Server Error | Server error -- contact support@securityaccelerated.com |
Error Response Format
All error responses use this format:
{
"error": "description of the problem"
}Partial failures within a domain lookup are different from HTTP error responses. When individual lookups fail (e.g., a WHOIS server is unreachable), the request still returns
200 OK with the successful lookups populated and failures listed in the errors array.Request Correlation
You can pass an optional X-Client-Request-ID header with your own correlation ID for end-to-end tracing. The API echoes it back in the response headers and includes it in server-side logs.
| Header | Direction | Description |
|---|---|---|
X-Client-Request-ID | Request | Your correlation ID (max 64 chars; alphanumeric, hyphens, underscores, dots, colons) |
X-Request-ID | Response | Server-generated UUID for every request. Reference this when contacting support. |
What's New
v0.51.0
- Subdomain enumeration is now subject to a tighter per-plan domain cap (subdomain.max_domains.*). The config keys and defaults shipped earlier; this is the missing enforcement
v0.50.1
- Domain normalization now strips any URL scheme (ftp, ssh, etc.), not just http/https
v0.50.0
- Domain inputs with paths, ports, query strings, and fragments are now normalized instead of rejected
v0.44.0
- DNS lookups now use external resolvers (Google, Cloudflare, OpenDNS) with automatic fallback
v0.41.0
- New endpoint: POST /v1/ip/lookup — GeoIP, ASN, reverse DNS, abuse contact, and threat intelligence for IP addresses
- IP threat intelligence requires a pro plan (same as domain threat_intel)
- GeoIP and ASN data powered by MaxMind GeoLite2 databases (loaded from disk, refreshable via admin endpoint)
v0.40.0
- Domain input validation now rejects ports, paths, query strings, fragments, and userinfo
v0.38.0
- Partial lookup failures now include error_count in the response for better client-side observability
v0.36.0
- VirusTotal provider is now best-effort when rate-limited instead of failing the whole lookup
- Added threat intelligence section to API docs
v0.34.0
- Added Stripe billing integration with webhook handling and API key provisioning
- New /billing/success page for post-checkout key retrieval
- Customer Portal link for subscription management
v0.33.0
- Added threat intelligence lookups — VirusTotal, URLhaus, and AlienVault OTX with weighted scoring
- Threat intel available for pro and admin plans via threat_intel option
v0.32.0
- Added BGP/ASN lookups with origin AS, prefix, and RIR information
- BGP data available for all plans via bgp option
v0.31.0
- Added certificate transparency log lookups via crt.sh
- CT log data available for all plans via ct_logs option
v0.30.0
- Added technology fingerprinting — detects web servers, frameworks, CDNs, and more from HTTP headers
- ~90 built-in detection rules, hot-reloadable via admin endpoint
v0.19.0
- Added subdomain enumeration via certificate transparency data
- Subdomain results included in domain lookup response via subdomains option
v0.18.0
- Added X-Client-Request-ID header support for client-supplied request correlation
v0.16.0
- Added email security analysis — SPF, DKIM, and DMARC record validation
- Email security available for all plans via email_security option
v0.15.0
- Plan-based limits on domains per request — free: 1, basic: 5, pro: 20
v0.13.0
- Added per-plan rate limiting — free: 5/min, basic: 30/min, pro: 120/min
v0.9.0
- Added domain reputation lookups with multi-provider scoring (Spamhaus, Google Safe Browsing, PhishTank)
- Reputation available for pro and admin plans via reputation option
v0.6.0
- Added page screenshot capture via headless Chrome
- Screenshots available for pro and admin plans via screenshot option
v0.3.0
- Support for multiple domains per request via domains array
v0.1.0
- Initial release — WHOIS, DNS, SSL, and HTTP header lookups with Redis caching
- API key authentication with plan-based access control