Frequently Asked Questions

What is Certly Guard?

Certly Guard is our public web API for determining whether or not a link is malicious, primarily useful for blogs and forums.

How does it work?

Certly Guard scans millions of URLs every day to detect malicious links. We also strengthen our database by exchanging threat data with multiple vendors.

Is it free?

You can scan up to 100 URLs per day for free and up to 500 URLs per day on our paid plans. If you need to process a larger amount, please contact us.

Is it fast?

We are able to deliver a verdict in around 100ms. This is because Certly does not actively scan a URL when you request information about it. Instead, we try to learn about and scan URLs before they're submitted to your site.

Can I run it on-premise?

Extremely high volume sites may benefit from searching a local copy of our database. Contact us to learn more.

What happens if I ask about a site that has not been scanned?

If you request the status for a site we haven't checked, we'll queue a scan for it. In the future we may offer the ability to be programmatically notified when a scan is queued and what its result is. However, it's fairly likely that if we have not seen a site it is either not malicious or not likely to be flagged in the first place.

How do I report a false positive or negative?

You can use the Support button in the bottom right or email certly@certly.io to submit a file or URL we missed or incorrectly flagged.

What protocols or ports does Certly Guard use?

The Certly Guard API communicates over HTTPS on port 443. If you experience connection issues even with this port open, it is possible the code being used does not support ECDSA certificates or ciphers for TLS.

How can I report a security vulnerability?

Security issues can be reported on our HackerOne page.

Does Certly Guard detect spam without links?

Not currently. While in the future we may develop detection of spam text, this is a lower priority because the primary purpose of spam is to get the visitor to visit another site. We are working on improving our URL pattern matching so that obfuscated links will still be scanned by plugins sending the raw comment text to Certly.