However, some checks have bugs or they makes no sense:
1. SPF missing ?all is broken, it report missing when it is there
2. Checking SOA records makes no sense in 2025. Their serial formats is irrelevant in modern DNS services that don't even use AXFR/IXFR
3. Checking for SOA TTL or minimal is also useless, unless the TTL is higher than 7 days. Really, it is up to the DNS admin to set very low TTL
4. Checking if different record types have different TTL makes zero sense, again it is up to the domain owner
5. DMARC/DKIM well, debatable. It has nothing to do with DNS per see and a lot of SMTP admins find them useless. A proper SPF with "-all" is enough to prevent using your domain for mail spoofing. DKIM and DMARC is usually a waste of time, and spammers always get it right anyway. I would go as far as to say that if you operate SMTP server, don't bother to check or add DKIM and definitely ignore DMARC.
On the topic of cookies, the cookie acceptance banner take up the entire screen on mobile. This seems pretty unnecessary. You could just get rid of Google Analytics and not need this at all.
The site claims x.com is an invalid domain.
The DNS results/headers are overlapping on mobile and you can’t read it.
You may want to reject 127.0.0.1 and localhost from your various scanners.
Port scanner doesn’t accept IPv6 addresses.
Some quick comments:
1) Under the tools listing on the home page, I'd make the entire block of each tool (name, icon, description) the clickable link, not just the words "Use Tool"
2) When in dark mode (which was auto-sensed, good job), every time I choose a new page it starts in light mode (flash-bang!) and then fades into dark mode.