Why do I have to prove I own my site to receive my report?We will never disclose the vulnerabilities we find on a particular site to someone who cannot make us certain they own or have control over the domain of the site being scanned. While we do allow our customers to receive a grade for any site, those scans are rudimentary and do not involve any sort of server-side intrusion.
The entrance scan tests are simply a reflection of a crawl of the website - we do not try database injections or anything potentially malicious until we have a verified customer, that customer has verified they own the domain they are trying to secure, and has agreed to our Terms of Service and potential risks. We're very careful to obtain explicit permission before performing any actions that could be constituted as breaching any security or authentication measures.
Unfortunately, it would be a breach of our potential customers' trust, and probably illegal, for us to search for vulnerabilities on a website and provide them to anyone asking without confirmation of domain control or ownership.
As always, if you have any questions or issues at all, please feel free to contact us in our Support Chat or via any of the methods listed on our Contact Page and we'll be more than happy to assist.