Changelog

Failed scans no longer cost credits. If /analyze (or any of /check, /lookup, /dns, /vulnerability, /history, /stats, /changes, /certificate/check, /security) returns a 4xx or 5xx because the target domain didn’t resolve, the TLS handshake failed, the fetch timed out, or the site was unreachable, the credit it consumed is now refunded automatically. The X-RateLimit-Used header reflects the refund. Customers whose monthly counter was charged for failed scans in early June were credited retroactively. The /site, /analyze/batch, and /compare endpoints have separate refund handling on the roadmap.

Dashboard now shows an upgrade prompt when free-tier usage hits 80% of the monthly quota — one click to Pro, Ultra, or Mega via Stripe Checkout. Free-tier users no longer hit the cap silently.

Returning users on the dashboard can now paste their saved key into the “Try in browser” widget. Previously the button silently 409’d if you came back after revealing your key once (we don’t store plaintexts — peppered hash only).

Magic-link sign-in emails now include a sample curl command and an explanation of what to expect on the dashboard. First-time users know what to do with their key the moment they land.

Blog posts auto-link the first mention of named technologies (Cloudflare, Next.js, React, Stripe, etc.) to /built-with/{Tech} — click any tech name in a post to see which sites use it.

/tech/{domain} pages with thin or unreliable detection data (fewer than 4 technologies, fewer than 2 categories, or a non-2xx scan response) now return X-Robots-Tag: noindex. Improves the signal-to-noise ratio of the indexed corpus.

/built-with/{Tech} URLs are now case-normalized via 301 to the canonical case — e.g. /built-with/cloudflare 301s to /built-with/Cloudflare.

WhatRuns URL cluster consolidated: /whatruns-api-docs and /blog/whatruns-alternative-api now 301 to the canonical /blog/whatruns-api-key-alternative.

Resend added as an alternative outbound-email transport. Magic-link, activation, and webhook-alert emails are delivered via Resend (preferred) or Gmail SMTP as a fallback.

Re-engagement email cron added: paid customers who haven’t made an API call in 14 days get a once-daily nudge with a magic-link refresh, until they re-engage or unsubscribe.

Dashboard Quick start card adds a “Try in browser” button — one click runs /analyze?url=stripe.com against your key and renders the JSON response inline. No terminal needed for the first call.

OpenAPI spec updated to include the /check, /lookup, /vulnerability, and /site endpoints (previously documented only in the RapidAPI portal).

DNS signature catalog grew from 111 to 132 CNAME fingerprints — more accurate provider detection on Vercel, Statsig, Fastly, Sentry, Mailgun, and 17 other services.

New blog post: Slack Webhook Setup Guide — how to wire up Slack alerts on the Watches (tech-change-alerts) feature.

Direct billing via Stripe shipped. Sign up at /signup with your email — magic-link verification, then pick a plan and pay via Stripe Checkout. No RapidAPI account required.

Error responses for unreachable target sites now return HTTP 422 with specific JSON error messages (e.g. DNS resolution failed, TLS certificate error, request timeout) instead of a generic 502. Response body includes the domain and a human-readable error description.

Added DNS Intelligence endpoint (/dns) — query A, AAAA, CNAME, MX, TXT, NS records with automatic provider fingerprinting (111 CNAME signatures).

Added SSL/TLS Certificate Check endpoint (/certificate/check) — inspect certificate issuer, expiry, chain, protocol version, and SANs for any domain.

Added Security Headers endpoint (/security) — grades websites A+ through F on CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.

Added technology change feed (/changes) — track when monitored domains add, remove, or update technologies. Webhook alerts on changes.

Chrome extension published to Chrome Web Store — one-click tech stack detection in browser.

Added usage warnings — API responses include a warning when you reach 80% of your monthly quota.

Added /tech/{domain} pages — browse any domain's tech stack directly on detectzestack.com.

Custom domain live at detectzestack.com (migrated from detectzestack.fly.dev).

Added /analyze/batch — analyze up to 10 URLs in a single API request with optional CSV export.

Added /compare — side-by-side tech stack comparison across 2–10 sites.

Added /webhooks — HMAC-signed webhook notifications when domains are analyzed.

Added /history and /stats — view past scans and per-key usage analytics.

DetectZeStack API launched on RapidAPI with 7,300+ technology signatures via HTTP fingerprinting, DNS CNAME analysis, TLS certificate inspection, and custom header matching.