Website Analysis
Discover and analyze a business's website: domain age, SSL validity, contact information, site structure, and more.
Website Analysis discovers the website associated with a business and performs a full analysis of the domain - registration age, SSL certificate, operational status, contact information, site structure, and more. It powers the domain legitimacy and impersonation checks described in the Online Presence: Best Practices guide.
When to use it
- You want to verify that the website submitted by an applicant is legitimate and consistent with the business's age and identity
- You are looking for fraud signals including potential impersonation (e.g. a lookalike domain registered shortly before the application)
- You want to cross-check contact information (email, phone, addresses) discovered on the website against the submitted application
- You are assessing whether a business has a real, operational online presence
Always populate the
websitefield when possible. This enablesinput_website_analysis- the comparison between the submitted domain and the one Baselayer independently discovers - which is the most reliable impersonation signal available. See Domain Impersonation Patterns in the Online Presence: Best Practices guide.If your onboarding form makes
websiteoptional, use the domain of the submitted email as a fallback: if the applicant provides [email protected] but no website, submitlucali.comas the website value. This ensuresinput_website_analysisis populated in the vast majority of applications without requiring an additional required field. Skip this only for free email providers (Gmail, Yahoo, etc.) - those domains carry no identity signal.
How to request it
Website Analysis is available on both integration paths.
Via POST /web_presence_requests
POST /web_presence_requestsInclude Order.WebsiteAnalysis in the options array. Results are returned inline in the response at website_analysis (discovered domain) and input_website_analysis (submitted domain, when a website was provided).
{
"name": "Lucali",
"address": "575 Henry St, Brooklyn, NY 11231",
"website": "https://www.lucali.com",
"options": ["Order.WebsiteAnalysis"]
}Via POST /searches
POST /searchesInclude Order.WebsiteAnalysis in the options array. Results are not inline, Baselayer returns a WebsiteAnalysisRequest tracking object in orderables[]. Fetch the result using the URL in that object, or listen for the WebsiteAnalysisRequest.completed webhook.
{
"name": "Lucali",
"address": "575 Henry St, Brooklyn, NY 11231",
"website": "https://www.lucali.com",
"options": ["Order.WebsiteAnalysis"]
}The search response will contain:
{
"orderables": [
{
"type": "WebsiteAnalysisRequest",
"id": "ac5aca82-e75e-40d0-a0eb-1fc474cef2c4",
"url": "https://api.baselayer.com/website_analysis_requests/ac5aca82-e75e-40d0-a0eb-1fc474cef2c4",
"option": "Order.WebsiteAnalysis"
}
]
}Fetch the result:
GET /website_analysis_requests/{id}When both a submitted and a discovered domain exist on
/searches: TwoWebsiteAnalysisRequestentries will appear inorderables[]. They are not labeled - call GET on each and inspectwebsite_analysis.urlto determine which domain was analyzed.
Via Order.Enhanced
Order.EnhancedOrder.Enhanced on POST /searches includes Website Analysis automatically alongside Industry Prediction, Social Profiles, Reviews, and expanded officer/address discovery. See Online Presence: Basics for when to use Enhanced vs. individual orderables.
Response fields
The website_analysis and input_website_analysis objects share the same structure.
Core fields
| Field | Type | Description |
|---|---|---|
id | string | Unique identifier for this website analysis request. |
url | string | The URL that was analyzed. |
parked | boolean | Whether the domain is undeveloped or inactive (parked page). |
website_build_status | enum | Overall operational status: active, coming_soon, or inactive. |
email_deliverable | boolean | Whether emails from this domain are deliverable. |
emails[] | array | Email addresses discovered on the website. |
phone_numbers[] | array | Phone numbers discovered on the website. |
website_summary | string | Auto-generated summary of the website's homepage content. |
website_structure_metrics | object | depth (max link depth: "0", "1", or "2+") and breadth (unique pages: count or "15+"). Indicates site maturity. |
addresses[] | array | Physical addresses discovered on the website, as structured address objects. |
people[] | array | People discovered on the website. Each entry includes name and titles[]. |
social_profiles[] | array | Social media profile links found on the website. Each entry includes site, url, and username. |
redirects | string | null | The final destination URL if the analyzed domain redirects. |
screenshot_url | string | URL to a screenshot of the website at time of analysis. |
ssl_validity | object | SSL certificate details — see below. |
whois_record | object | Domain registration details — see below. |
ssl_validity fields
ssl_validity fields| Field | Type | Description |
|---|---|---|
is_valid | boolean | Whether the SSL certificate is valid and active. |
is_self_signed | boolean | Whether the certificate is self-signed (not issued by a trusted CA). |
is_wildcard | boolean | Whether the certificate covers subdomains. |
is_revoked | boolean | Whether the certificate has been revoked. |
certificate_type | string | Certificate validation type: DV (domain-validated), OV (organization-validated), or EV (extended validation). |
tls_version | string | TLS version in use (e.g., TLSv1.3). |
issuer | string | Certificate authority that issued the certificate. |
cert_age_days | integer | Age of the certificate in days. |
days_until_expiry | integer | Days remaining until the certificate expires. |
expiry_date | string | Certificate expiry date (ISO 8601). |
whois_record fields
whois_record fields| Field | Type | Description |
|---|---|---|
domain_age_months | integer | Age of the domain in months from registration date to today. |
domain_created_at | string | Date the domain was first registered (ISO 8601). |
domain_expires_at | string | Date the domain registration expires (ISO 8601). |
domain_updated_at | string | Date the domain record was last updated (ISO 8601). |
registrar | string | The domain registrar (e.g., GoDaddy, Squarespace Domains). |
Interpreting results
Website Analysis produces two types of signals: domain legitimacy (is this a real, operational site?) and identity consistency (does the submitted domain match the independently discovered one?). For the full decisioning framework - including thresholds, fraud patterns, and others - see:
- Website Analysis section in the Online Presence: Best Practices guide: domain legitimacy checks,
ssl_validity,website_build_status,website_structure_metrics - Domain Impersonation Patterns:
whois_record.domain_age_monthsvs.months_in_business, lookalike domain detection, free email vs. deliverable corporate domain The key fields to evaluate in every application: business_website_match— whether the submitted domain matches the discovered onewhois_record.domain_age_monthsoninput_website_analysis— flag if< 90days on a business older than 24 months; escalate immediately if< 30daysemail_deliverableonwebsite_analysis— cross-reference against the submitted email domainparkedandwebsite_build_status— flag inactive or placeholder sites for established businesses
Related guides
- Online Presence: Basics — integration path decision guide and data model
- Online Presence: Best Practices — full decisioning framework
- Online Presence: Response Reference — match values, match sources, and response shape by integration path
- Industry Prediction — often requested alongside Website Analysis for best accuracy
- Website Analysis API Reference — full endpoint documentation