Run your first scan

Before you start

Scan a site you own or are authorized to assess. Sift Health only requests publicly accessible pages — the same pages any visitor or search-engine crawler can already reach — and performs no intrusion testing. Even so, the first scan of any domain is the right moment to confirm you have permission to assess it.

Steps

1. 1

   Open the free scan form

   Go to /scan and paste the full URL of the site’s home page, for example https://www.example-clinic.com. You can submit a bare domain; Sift Health follows redirects to the canonical address.
2. 2

   Submit and watch progress

   The scanner crawls a bounded set of pages (typically 15–20), classifies each one (privacy policy, intake form, appointment, portal, or general), then runs the analyzers that apply to each page type. Progress streams live; a typical scan finishes in a couple of minutes.
3. 3

   Read the score and top findings

   You’ll land on a report with an overall 0–100 risk score, an A–F grade, a per-category breakdown, and your top findings. On the free tier the full finding list and remediation detail are unlocked with an email; nothing is hidden behind a paywall on a site you scan.
4. 4

   Decide what to do next

   Triage the highest-severity findings first — a tracker on an intake or appointment page outranks a missing header on a marketing page. Each finding links to a remediation entry you can hand to whoever maintains the site.

Scan with the API instead

Prefer to script it? The same flow is two API calls: queue a scan, then poll until it completes. See POST /v1/scans and GET /v1/scans/{id}.