Terms of Service

Last updated: February 19, 2026

Domain Ownership Requirement

You must own or have explicit authorization to scan any domain you submit to ShipCheck.

By using our scanning service, you confirm that:

  • You own the domain being scanned, OR
  • You have written authorization from the domain owner to perform security testing
  • You understand ShipCheck will send HTTP requests to test security, performance, and configuration

Scanning Methods

ShipCheck uses these testing methods:

  • Passive analysis: HTTP header inspection, content analysis, asset detection
  • Active security testing: Authentication probes, rate limit tests, injection checks (paid plans)
  • OWASP ZAP integration: Automated XSS and SQLi testing (paid plans)
  • IDOR probing: Tests for insecure direct object references

All requests use the user-agent: ShipCheck-Scanner/1.0 (+https://shipcheckhq.com/about-scanning; security@shipcheckhq.com)

Limitation of Liability

ShipCheck is not liable for any service disruption caused by our scanning activities. Our scans use reasonable rate limits and timeouts, but you acknowledge that active security testing may trigger alerts or temporarily impact performance.

Abuse Prevention

Unauthorized scanning violates these terms and may violate applicable laws. If you believe your domain has been scanned without permission:

  • Report it immediately to abuse@shipcheckhq.com
  • We will investigate and suspend offending accounts within 1 hour
  • Repeat offenders are permanently banned
  • We maintain full audit logs of all scan consent and domain verification

Contact

Questions or concerns about these terms? Contact us at legal@shipcheckhq.com