Website Security & Performance Audit

Your website has problems
you don't know about.

Paravane scans your domain in seconds, surfaces every security gap and marketing weakness, and deploys agents that fix them — before they cost you customers, credibility, or sleep.

The Problem

The threats your website
faces silently.

Most small business websites have critical vulnerabilities sitting in plain sight. You're not hacked yet. But the door is unlocked.

01 - CRITICAL

Anyone can impersonate your email

Without DMARC and SPF records, scammers can send emails that look exactly like they came from you : to your clients, your vendors, your bank. You won't know until the damage is done.

02 - HIGH RISK

Your credentials may be exposed

A misconfigured deployment can leave your .env file : the file holding your API keys, database passwords, and payment credentials : visible to anyone who knows where to look.

03 - INVISIBLE COST

Google can't index you properly

No sitemap. No schema. No Open Graph tags. Your marketing spend is evaporating because the technical foundation that makes search engines work isn't there.

HOW IT WORKS

Three steps to a
bulletproof domain.

01 // SCAN

Scan your domain.

Enter your domain. Paravane runs 18 checks across security and marketing in seconds. No account required.

02 // REPORT

Receive report.

See a clear picture of every problem, why it matters, and exactly what it costs to fix. No jargon.

03 // RESOLVE

Agents fix it.

When you approve the scope, our remediation agents execute the fixes, verify results, and lock it down.

WHY PARAVANE

Built for the
unseen battles.

iGloo Digital Services has spent years fixing the same preventable problems across hundreds of small business websites. A spoofed email destroys a client relationship overnight. An expired SSL cert empties a shopping cart. A missing robots.txt tanks months of SEO work.

Paravane runs ahead of the threat: scanning, identifying, and deploying autonomous agents to fix problems before bad actors, Google penalties, or customer distrust find them first.

18
Checks per scan
<60s
Time to results
4
DNS providers
$0
Cost to scan

THE FULL AUDIT

18 checks.
One complete picture.

DMARC Record

Stops email spoofing and domain impersonation by strictly verifying incoming messages.

SPF Policy

Authorizes legitimate servers to send mail on behalf of your domain.

DKIM Signing

Cryptographic proof to receiving servers that your email is authentic.

HTTPS Enforcement

Secures all data transmitted to visitors, preventing man-in-the-middle attacks.

.env Exposure

Probes server structures for accidentally leaked API keys and environment variables.

.git Directory

Detects publicly accessible source code repositories on your live server domain.

Security Headers

Verifies protections against cross-site scripting (XSS) and clickjacking attacks.

robots.txt Policy

Directs search engine crawlers properly, preventing indexation of private areas.

XML Sitemap

Maps all valid endpoints to guarantee complete structural indexing by Google.

Schema Markup

Validates structured data to enable rich snippet displays in search rankings.

Core Web Vitals

Measures load performance to prevent mobile bounce rates and search penalties.

Mobile Usability

Checks viewport configurations and touch target spacing for mobile environments.

What's at stake

The cost of doing nothing is
higher than you think.

  • A spoofed email from "you" tricks a client into wiring money to a fraudster. You find out when they call, furious, having lost $12,000.
  • Google updates its algorithm and your site drops to page 3 — because you had no schema, no sitemap, and a 7-second load time on mobile.
  • A visitor sees a browser warning that your site "may not be safe." They leave. They don't come back. They don't tell you why.
  • A competitor with the same offering but a cleaner, faster, more credible website wins the client you've been nurturing for three months.
43%

of cyberattacks target small businesses — and 60% of those businesses close within six months of a breach.

$200K

average cost of a data breach for a small business — most of which was preventable with basic security hygiene.

THE OTHER SIDE

What your business looks like
after Paravane.

Trusted Email

DMARC reject, SPF hard-fail, DKIM signed. Your emails reach inboxes. Nobody can fake being you. Your brand reputation is protected at the infrastructure level.

Google Dominance

Sitemap submitted. Schema live. Page speed optimized. Your business shows up in rich results, loads in under two seconds on mobile, and converts the visitors you were already paying to attract.

Locked Systems

No exposed credential files. No accessible source code. No open API docs. The doors that attackers look for are closed, blocked, and verified — not just assumed.

Zero Team Effort

Paravane's agents connected to your DNS provider, made the changes, verified propagation, and invoiced you on completion. You approved the scope. Everything else was handled.

FROM THE FIELD

What clients say
after the scan.

"I had no idea my .env file was sitting out there publicly accessible. Paravane found it in the first scan. iGloo had it locked down the same day. I didn't have to do a thing."

Customer avatar

OPERATIONS DIRECTOR - PROFESSIONAL SERVICES

"We'd been spending $3,000 a month on Google Ads and getting mediocre results. Turns out we had no schema, no sitemap, and a 9-second mobile load time. Fixed all three. Leads doubled in 60 days."

Customer avatar

OWNER - MEDICAL PRACTICE

"The report showed exactly what was wrong, what it would cost, and what it would look like when it was fixed. It felt like having a technical co-founder who actually explained things."

Customer avatar

FOUNDER - B2B SAAS COMPANY

Questions

Things people ask
before scanning.

If you have a unique setup, a custom tech stack, or just want to talk to a human before giving an agent access to your DNS - reach out. Our technical team is ready to review your infrastructure.

Is the scan really free?

Yes. The scan is always free. You get a full security and marketing audit with severity ratings and a total cost estimate - no credit card, no account, no catch. You only pay if you choose to have iGloo fix the problems.

What does the scan actually do to my site?

It reads publicly available information - DNS records, HTTP responses, and page content - the same way Google or any visitor would. It does not touch your database, files, or backend. It's entirely read-only.

How do agents fix DNS records without my credentials?

We provide a secure credential form after you contract with iGloo. Your API token is encrypted with AES-256 and used only during the active job. It is never stored in plaintext and never accessed outside the remediation window.

What if an agent can't complete the fix automatically?

The agent escalates to our technical team with a full log of what it tried, what it needs, and exactly where it stopped. We resolve the blocker, provide the input, and the agent resumes. You're notified at every step.

Which DNS providers do you support?

Cloudflare, GoDaddy, Namecheap, HostGator, and Bluehost - which collectively cover the vast majority of small business domains. If your provider isn't on the list, we handle it manually at the same price.

How long does remediation take?

DNS fixes typically propagate within 24-48 hours. Most jobs are fully complete within 3-5 business days. You receive an invoice only after we've verified each fix is live and working.

Find the gaps before
someone else does.

Takes under 60 seconds - No credit card - Instant report

Paravane Logo

© 2026 Paravane · A product of iGloo Digital Services