NEW: DNS-only fallback — when a web server is unreachable, GuardPad automatically runs DNS analysis and delivers a partial security grade. Works for mail-only domains, temporarily down sites, and non-HTTP services. NEW: DNS-only results show a distinct dashed-ring grade, "DNS ONLY" badge, email-focused report card, and adapted methodology breakdown (70% email / 10% DNSSEC / 10% CAA / 10% MX). NEW: MX record quality analysis — detects multiple mail servers, null MX (RFC 7505), bare IP addresses, and priority ordering. NEW: DNS-only integration across the app — history badges, batch auto-fallback with aggregate stats, cross-mode diff, share card, PDF/Markdown exports, and VoiceOver announcements. NEW: Context-sensitive grading — your grade now accounts for site type. A static blog isn't held to the same standard as a banking SPA. Five site types detected automatically: static, SPA, API, CMS, and generic. NEW: Grade explanations — tap any grade to see exactly which headers matter most for your site type and how weights were adjusted. NEW: Site type override — disagree with the detection? Override it and watch your grade recalculate live. NEW: Smart recommendations — fix suggestions ordered by relevance to your site type. NEW: Reporting API detection — Report-To and Network Error Logging (NEL) headers identified. NEW: Email security analysis — SPF, DMARC, and DKIM records graded individually. NEW: OWASP Top 10:2025 compliance mapping — each finding mapped to the risk it mitigates. NEW: DNSSEC validation and CAA record grading in DNS tools. NEW: Trusted Types CSP detection with A+ grade boost. IMPROVED: Re-scan diff overlay with inline grade change badges. IMPROVED: Shareable amber-themed grade card image. IMPROVED: 3-tab layout (Scan / History / Tools) with iPad sidebar. IMPROVED: Batch scan rows show site type badges. IMPROVED: PDF and Markdown exports include all analysis sections.

NEW: Cookie security analysis — every cookie inspected for Secure, HttpOnly, SameSite, and __Host- prefix compliance. Cookie grade affects your overall score. NEW: Quick Fix mode — tap the lightning pill to see your highest-impact issues ranked by how much they affect your grade. Fix the top 3 and watch your score climb. NEW: CSP depth analysis — nonce and strict-dynamic detection, Report-Only mode flagging, and smarter unsafe-inline severity scoring. NEW: Cross-origin isolation headers — COOP, COEP, and CORP are now fully graded security headers, not just informational. 11 headers analyzed total. NEW: Deprecated header detection — HPKP, Expect-CT, and Feature-Policy flagged with removal guidance. NEW: security.txt detection — checks for RFC 9116 security contact file at /.well-known/security.txt. NEW: Redirect chain grading — redirect quality scored by hop count and HTTP/HTTPS transitions. IMPROVED: Domain-grouped history — scans organized by domain with drill-down detail view. IMPROVED: Collapsible results sections — cleaner, scannable results with report card summary strip. IMPROVED: v2 scoring algorithm — 60% headers / 20% SSL / 20% cookies for sites with cookies.

NEW: 3-day PRO trial on first launch — experience every feature before you buy. NEW: Batch scanning — scan up to 50 URLs at once with an aggregate security report sorted worst-first. See your entire portfolio's health in seconds. NEW: Shareable grade badge — generate a shields.io-style SVG/PNG security badge for your site's README, Slack, or CI dashboard. NEW: iPad compare mode — select two scans from History and view them side-by-side with per-header improvement/regression indicators. IMPROVED: Redesigned paywall with benefit-driven copy — see exactly what PRO lets you DO, not just a feature list. IMPROVED: Smarter PRO gating — code snippets and trend arrows now require PRO. Full WHAT/WHY/FIX diagnostics and scan history remain free. IMPROVED: 4-tab layout — Scan, Batch, History, Tools.