Honest comparison

Djoji vs Guardr

Djoji Ghost Protocol and Guardr are both passive external scanners you can run on any domain in seconds without an account. They aim at different jobs. Guardr is a web-configuration grader for developers and agencies managing many client sites. Djoji is an external-attack-surface score written for the business owner — it covers the email, exposure, and breach dimensions that insurance questionnaires and spoofing incidents actually turn on. Here's the honest breakdown.

What each one checks

DimensionDjojiGuardr
SSL / TLS (HSTS, cert expiry, redirects)
HTTP security headers (CSP, X-Frame, etc.)
DNS security (DNSSEC, CAA)
Exposure paths (.git/.env, admin logins)
Cookie flags (Secure/HttpOnly/SameSite)Djoji reads headers; Guardr grades cookies explicitly
Leaked JS secrets (API keys in bundles)Guardr-specific check
Uptime / downtime monitoringGuardr-specific; Djoji is a posture score, not an uptime monitor
Email authentication (SPF / DKIM / DMARC)Not mentioned anywhere on Guardr
Exposed ports & servicesDjoji via Shodan (when enabled)
Breach exposure (HIBP-class)
Subdomain discoveryDjoji via Certificate Transparency logs
WHOIS / domain health
Plain-English business-risk narrativeGuardr grades in developer vocabulary

covered · partial · not offered. Guardr scope from guardr.io, verified July 4, 2026.

Pricing

DjojiGuardr
Free tier1 domain, full findings, no signup1 site weekly, top-2 fixes, no signup
Instant ungated gradeYes — passive scan of any domainYes — A–F grade in ~5s
Entry paidPro $29/mo (annual $249/yr)Solo $7/mo (annual $6/mo), 5 sites
Portfolio / agency tierMSP $149/mo flat, 25 domains (co-branded)Agency $179/mo, 150 sites, hourly, client portal

Guardr pricing from guardr.io homepage, verified July 4, 2026. Guardr's per-site floor is genuinely lower for agencies monitoring many web properties; Djoji prices the fuller attack-surface scope plus the plain-English report.

Which should you use?

Choose Guardr if…

  • You're a developer or agency watching 5–150 client websites.
  • You want continuous uptime monitoring and 6-hourly/hourly re-scans.
  • You want a web-config grade in developer vocabulary at the lowest per-site price.

Choose Djoji if…

  • You're a business owner who wants plain-English risk, not a dev checklist.
  • You care about email spoofing (SPF/DKIM/DMARC), exposed services, breaches, and subdomains — the questions insurers and attackers ask.
  • You want one aggregated posture score you can act on and share.

See your full external attack surface

Passive scan, no account, publicly observable data only. Get your Ghost Score across SSL, email auth, headers, exposure, and more.

Scan my site — free

Comparison compiled July 4, 2026 from publicly available information on guardr.io. Guardr is a trademark of its respective owner; this page is an independent comparison and is not affiliated with or endorsed by Guardr. Details change — if you spot something out of date, email hello@djoji.com.