A nutrition label for links — on-device scanner that scores any URL in ≈2 s using 100+ deterministic heuristics.
- Instant verdict - assigns 🟩/🟧/🟥 locally in ≈2 s, no cloud calls.
- App-sec focus - flags silent redirects, CSP issues, shady certs, and tracking cookies.
- Explainable heuristics - every finding follows a traceable rule, no black-box logic.
- Privacy by design - single HTTPS fetch to the target, zero third-party traffic.
| Score | Meaning |
|---|---|
| 🟥 Red — Unsafe | Multiple high-risk signals (weak TLS, missing CSP, scam keywords …). |
| 🟧 Orange — Suspicious | Mixed hygiene; often fine for major brands, caution for unknown sites. |
| 🟩 Green — Safe | Clean redirects, solid headers, trusted cert, no heavy tracking. |
| Audience | Get it |
|---|---|
| End-users | App Store |
| Developers | Open `LegitURL.xcodeproj` in Xcode and run. |
Screenshots: Signals & Logs; Inline script findings.
- Offline parsing – look-alikes, encodings, scam words, entropy tests.
- Sandboxed HTTPS fetch – reads cert, headers, cookies, HTML, inline JS.
- Deterministic scoring – bit-flags + weighted penalties → single score.
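The three bullets above describe one pipeline: offline checks on the URL string, a single fetch of the target, and a bit-flag plus weighted-penalty score. As an added illustration of that approach (example code written for this page, not LegitURL's own Swift implementation), the Python below runs a handful of deterministic heuristics over a constructed fetch result and maps the summed penalty to the same three verdicts. The flag names, weights, thresholds, scam-word and brand lists, and the sample URLs are all assumptions made for the example; the fetch is stubbed as a dataclass so everything runs offline.

```python
"""Deterministic scoring: each heuristic sets a bit-flag, each flag has a fixed
weight, and the summed penalty maps to one traffic-light verdict.
Added example, not LegitURL's code; the fetch result is constructed inline."""
import math
import re
from dataclasses import dataclass
from enum import IntFlag, auto
from urllib.parse import urlsplit


class Flag(IntFlag):
    """One bit per finding, so a verdict can be traced back flag by flag."""
    NONE = 0
    WEAK_TLS = auto()
    MISSING_CSP = auto()
    SILENT_REDIRECT = auto()
    SCAM_KEYWORD = auto()
    LOOKALIKE_HOST = auto()
    HIGH_ENTROPY = auto()
    TRACKING_COOKIE = auto()


# Assumed weights: fixed per flag, so identical input always yields the same score.
WEIGHTS = {
    Flag.WEAK_TLS: 40, Flag.LOOKALIKE_HOST: 35, Flag.SILENT_REDIRECT: 30,
    Flag.SCAM_KEYWORD: 25, Flag.MISSING_CSP: 20, Flag.HIGH_ENTROPY: 15,
    Flag.TRACKING_COOKIE: 10,
}
SCAM_WORDS = ("verify", "account-locked", "login-secure", "prize", "urgent")  # assumed list
BRANDS = ("paypal", "examplebank")  # assumed look-alike targets
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


@dataclass
class Fetch:
    """Constructed stand-in for what one HTTPS fetch of the target returns."""
    url: str
    redirects: list      # hops the fetch followed, final landing URL last
    tls_version: str
    headers: dict        # lower-case response header names -> values
    cookies: list        # dicts: name, max_age (seconds), third_party (bool)


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking tokens score well above natural words."""
    if not s:
        return 0.0
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def analyse(f: Fetch) -> Flag:
    """Offline URL checks first, then checks that need the fetched response."""
    flags = Flag.NONE
    parts = urlsplit(f.url)
    host = parts.hostname or ""
    label = host.split(".")[-2] if "." in host else host   # registrable label, roughly
    if label not in BRANDS and label.translate(HOMOGLYPHS) in BRANDS:
        flags |= Flag.LOOKALIKE_HOST                        # e.g. paypa1 -> paypal
    path_query = f"{parts.path}?{parts.query}"
    if any(w in path_query.lower() for w in SCAM_WORDS):
        flags |= Flag.SCAM_KEYWORD
    if any(len(seg) >= 16 and shannon_entropy(seg) > 4.0
           for seg in re.split(r"[/?&=]", path_query)):
        flags |= Flag.HIGH_ENTROPY
    # Silent redirect: the final hop landed on a host other than the one requested.
    if f.redirects and (urlsplit(f.redirects[-1]).hostname or "") != host:
        flags |= Flag.SILENT_REDIRECT
    if f.tls_version in ("SSLv3", "TLSv1", "TLSv1.1"):
        flags |= Flag.WEAK_TLS
    if "content-security-policy" not in f.headers:
        flags |= Flag.MISSING_CSP
    # Tracking cookie: set by a third party and persistent for more than 30 days.
    if any(c["third_party"] and c["max_age"] > 30 * 86400 for c in f.cookies):
        flags |= Flag.TRACKING_COOKIE
    return flags


def penalty(flags: Flag) -> int:
    return sum(w for fl, w in WEIGHTS.items() if fl in flags)


def verdict(flags: Flag) -> str:
    p = penalty(flags)            # assumed thresholds
    return "🟥" if p >= 60 else "🟧" if p >= 20 else "🟩"


def explain(flags: Flag) -> list:
    """Names of the rules that fired: the explanation behind the verdict."""
    return [fl.name for fl in WEIGHTS if fl in flags]


# Constructed sample fetches (no network involved).
PHISH = Fetch("http://paypa1.com/verify?session=Zx9qLm3vT8kRa2Yb7Wc4",
              ["http://paypa1.com/verify", "https://cdn-xk2.example/landing"],
              "TLSv1", {"server": "nginx"},
              [{"name": "_t", "max_age": 365 * 86400, "third_party": True}])
MIXED = Fetch("https://www.examplebank.test/", [], "TLSv1.2", {"server": "x"}, [])
CLEAN = Fetch("https://www.example.com/docs/start", [], "TLSv1.3",
              {"content-security-policy": "default-src 'self'"},
              [{"name": "sid", "max_age": 0, "third_party": False}])

if __name__ == "__main__":
    for name, fetch in (("phish", PHISH), ("mixed", MIXED), ("clean", CLEAN)):
        fl = analyse(fetch)
        print(name, verdict(fl), penalty(fl), explain(fl))
```

Because every rule is a named bit and every weight is a constant, `explain()` is the whole audit trail: the same input always produces the same flags, and a user can see exactly which rules pushed a page from orange to red. The "mixed" sample shows the orange case from the table above: a trusted-looking host with one hygiene gap (no CSP) scores a caution rather than a block.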
Full spec and detailed examples live in TECHNICAL_OVERVIEW.md.
- Cookie bit-flag pyramid
- CSP / header correlation
- Correlate CSP SHA sources to inline scripts
- HTML `<meta refresh>` detection
- Subresource Integrity (SRI) hash checks
- Consolidated CSP generator
- Implement OpenSSL probe to retrieve certificate chain and reason for failed TLS handshake
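Two of the items above, correlating CSP hash sources with inline scripts and checking SRI hashes, share one mechanism: hash the exact bytes, base64 them, and compare against what the page declares. The Python below is an added example of both checks, written for this page and not taken from LegitURL; the HTML, policy, resource bytes and URLs are constructed, and the digests in the sample data are computed at import so they are honest rather than pasted in.

```python
"""Correlating CSP hash sources with inline <script> bodies, and checking SRI
integrity attributes against the bytes actually served.
Added example, not LegitURL's code; HTML, policy and resource bytes are constructed."""
import base64
import hashlib
import re

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.IGNORECASE | re.DOTALL)
SRC_RE = re.compile(r'\bsrc\s*=\s*"([^"]*)"', re.IGNORECASE)
INTEGRITY_RE = re.compile(r'\bintegrity\s*=\s*"([^"]*)"', re.IGNORECASE)
HASH_RE = re.compile(r"(sha256|sha384|sha512)-([A-Za-z0-9+/=]+)")   # CSP and SRI share this token form


def digest_b64(data: bytes, algo: str) -> str:
    """Base64 digest exactly as it appears in 'sha256-...' sources and integrity= values."""
    return base64.b64encode(hashlib.new(algo, data).digest()).decode()


def script_sources(csp: str) -> list:
    """script-src source list, falling back to default-src as browsers do."""
    directives = {}
    for d in csp.split(";"):
        tokens = d.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives.get("script-src", directives.get("default-src", []))


def correlate_inline(html: str, csp: str) -> list:
    """For each inline script, which hash source allows it. The browser hashes the
    exact UTF-8 text between the tags, so any whitespace change breaks the match."""
    sources = script_sources(csp)
    allowed = HASH_RE.findall(" ".join(sources))
    # A hash or nonce in the directive makes 'unsafe-inline' ignored (CSP level 2+).
    unsafe_inline = ("'unsafe-inline'" in sources and not allowed
                     and not any(s.startswith("'nonce-") for s in sources))
    results = []
    for m in SCRIPT_RE.finditer(html):
        attrs, body = m.group(1), m.group(2)
        if SRC_RE.search(attrs):
            continue                                     # external script: see check_sri
        matched = [f"{a}-{h}" for a, h in allowed if digest_b64(body.encode("utf-8"), a) == h]
        results.append({
            "snippet": body.strip()[:40],
            "allowed_by": matched or (["'unsafe-inline'"] if unsafe_inline else []),
            "blocked": not matched and not unsafe_inline,
        })
    return results


def check_sri(html: str, fetched: dict) -> list:
    """Verify integrity= against the bytes retrieved for each src (fetched: url -> bytes)."""
    results = []
    for m in SCRIPT_RE.finditer(html):
        attrs = m.group(1)
        src = SRC_RE.search(attrs)
        if not src:
            continue
        url = src.group(1)
        integ = INTEGRITY_RE.search(attrs)
        if not integ:
            results.append({"src": url, "status": "no-integrity"})
            continue
        data = fetched.get(url)
        if data is None:
            results.append({"src": url, "status": "not-fetched"})
            continue
        # Any listed digest matching is enough; browsers prefer the strongest algorithm listed.
        ok = any(digest_b64(data, a) == h for a, h in HASH_RE.findall(integ.group(1)))
        results.append({"src": url, "status": "ok" if ok else "mismatch"})
    return results


# Constructed sample page, policy and resource bytes (hashes computed here, not pasted).
INLINE_OK = "console.log('hello');"
INLINE_BAD = "location='https://evil.example/';"
LIB = b"window.lib = {};"
HTML = (f"<head><script>{INLINE_OK}</script><script>{INLINE_BAD}</script>"
        f'<script src="https://cdn.example/lib.js" integrity="sha384-{digest_b64(LIB, "sha384")}"></script>'
        f'<script src="https://cdn.example/tracker.js"></script></head>')
CSP = f"default-src 'self'; script-src 'self' 'unsafe-inline' 'sha256-{digest_b64(INLINE_OK.encode(), 'sha256')}'"
FETCHED = {"https://cdn.example/lib.js": LIB, "https://cdn.example/tracker.js": b"// constructed"}

if __name__ == "__main__":
    for r in correlate_inline(HTML, CSP) + check_sri(HTML, FETCHED):
        print(r)
```

The sample policy carries both `'unsafe-inline'` and a hash, which is a common real-world pattern: the second inline script is reported as blocked because a hash source in `script-src` makes `'unsafe-inline'` ignored, something a header-only check would miss. On the SRI side, a script with no `integrity` attribute is a finding in its own right, and a digest mismatch means the bytes served differ from the ones the page author pinned.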
GNU Affero GPL v3 – see LICENSE for details. Issues welcome.