Hosting Intelligence · No signup

Every site has
a story beneath
the surface.

Iceberg reveals the full hosting stack behind any website — provider, infrastructure, performance, security posture, and what it would cost to run it better.

Free forever No signup required Results in ~12s

— 01 / The Waterline

Two layers.
One view.

Most site checkers stop at the surface — the page that loads. Iceberg goes deeper: the infrastructure, the configuration, the cost, and the risk. Above the waterline is what your visitors see. Beneath is what your hosting actually does.

↑ Above the waterline

What visitors see

Surface signals. Anyone with a browser and a dev-tools tab can pull these. Most "site auditors" stop here.

Page load time
Visible CMS / framework hints
Page weight & asset list
Public SSL certificate
Lighthouse / Core Web Vitals

↓ Beneath the waterline

What we expose

The hosting layer underneath — what determines whether the site stays up, stays fast, and stays secure when traffic hits.

Origin host, datacenter, ASN ownership
Reverse-proxy chain and edge coverage
Runtime versions (PHP, Node, OS) and EOL status
WAF posture & exposed admin endpoints
Estimated TCO and migration savings

— 02 / Capabilities

What we
see.

Iceberg fingerprints over 1,800 technologies across the modern web stack — hosting, performance, security, and architecture, all from a single URL. No agent, no installation, no access to the site itself.

01 / 08

Hosting & Infra

Provider detection
Datacenter & region
ASN / IP ownership
Reverse proxy chain
Origin shield

02 / 08

Performance

Core Web Vitals
TTFB & latency map
Asset optimization
Cache hit ratio
Edge coverage

03 / 08

Security Posture

SSL configuration
WAF & DDoS
Security headers
Exposed endpoints
CVE matching

04 / 08

Stack & CMS

CMS & version
Framework detection
Plugins & libraries
Server software
Runtime versions

05 / 08

DNS & Network

Nameserver chain
Record types
Email config (SPF/DMARC)
Subdomain map
Anycast detection

06 / 08

Cost Estimate

Hosting tier inference
Bandwidth profile
Stack TCO
Migration savings
ROI projection

07 / 08

AI Insights

Risk scoring
Optimization plan
Migration roadmap
Competitor benchmark
Plain-English summary

08 / 08

Compliance

Cookie & tracker audit
GDPR signals
Accessibility (WCAG)
Privacy posture
Data residency

— 03 / Output

A real
report.

Every scan produces an actionable report. The free tier shows the headlines. Drop your email to unlock the full breakdown — including the AI migration plan and a tailored savings estimate.

example-business.com

Health Score 62 / 100

Hosting Provider

Bluehost

Shared · Provo, UT

TTFB (median)

1.42s

Industry avg: 0.68s

SSL Grade

TLS 1.3, HSTS enabled

CMS

WordPress 6.4.3

17 plugins detected

PHP Version

7.4

EOL since Nov 2022

WAF

None

Site exposed to L7 attacks

+ 14 more findings including AI migration plan and ~$2,400/yr savings estimate.

Unlock Full Report →

— 04 / How it works

Three passes.
One scan.

Iceberg runs every URL through a layered pipeline — surface fingerprinting, infrastructure resolution, and contextual scoring. The full methodology lives on its own page, but here's the short version.

Surface fingerprint

HTTP headers, response timings, asset signatures, and DOM tells. We identify the CMS, framework, CDN, and edge configuration without ever needing to log in.

Infra resolution

DNS chain → ASN → hosting provider → datacenter. We trace the request path from edge to origin and map every hop in between.

Contextual scoring

Every finding is weighted against industry benchmarks and CVE/EOL data. The result: a single health score plus a prioritized roadmap, in plain English.

Read the full methodology →

Every site has a story beneath the surface.

Two layers.One view.