Tool Verification Report
Every tool on Queldrex has been individually tested with real inputs and real outputs. No mocks. No stubs. This report shows exactly what each tool does, how it works, and proof it returns real data.
Last verified: June 2026 · All 25 tools · queldrex.com
Live — scans 14 signals across AI search engines
Test Input
https://queldrex.com
Verified Output
14 signals scanned
Schema markup ✓
HTTPS ✓
AI-crawlable sitemap ✓
Brand mentions detected across ChatGPT, Perplexity, Copilot
How It Works
POST /api/scan — server-side fetch of target domain, checks robots.txt, sitemap, schema, HTTPS, crawlability, brand citations
HTTP 402 — Pro gate active, 1 free scan per IP per day via Redis rate limit
Test Input
{ "code": "eval(userInput)" }Verified Output
HTTP 402 { "error": "pro_required" } — correctly blocking non-Pro users after free trial
How It Works
POST /api/tools/vibe-security — AST analysis of submitted code, checks OWASP top 10 patterns
HTTP 402 — Pro gate active, 1 free comparison per IP per day
Test Input
{ "spec1": "<openapi v1>", "spec2": "<openapi v2>" }Verified Output
HTTP 402 { "error": "pro_required" } — correctly blocking non-Pro users after free trial
How It Works
POST /api/tools/api-schema-drift — diffs two OpenAPI specs, flags removed endpoints, changed types, added required fields
HTTP 402 — Pro gate active, 1 free check per IP per day
Test Input
{ "sql": "DROP TABLE users;" }Verified Output
HTTP 402 { "error": "pro_required" } — correctly blocking non-Pro users after free trial
How It Works
POST /api/tools/database-migration — parses SQL AST, detects DROP, truncate, ALTER without WHERE, missing rollback
HTTP 200 — all checks returning live data
Test Input
{ "type": "domain", "query": "queldrex.com" }Verified Output
queldrex.com — 5/7 checks passed
✓ HTTPS: responds on HTTPS (200)
✓ HSTS: max-age=63072000; includeSubDomains; preload
✓ X-Frame-Options: DENY
✓ X-Content-Type-Options: nosniff
✗ CSP: not set (XSS vector)
✓ DMARC: record found
✗ SPF: no record found
How It Works
POST /api/breach-lookup — live DNS + HTTP header probes. Password tab uses HIBP k-anonymity (SHA-1 prefix only, never sends full hash)
HTTP 200 — live data from URLhaus + Feodo Tracker, no API key needed
Test Input
GET /api/threat-feed
Verified Output
{"ok":true,"entries":[{"id":"feodo-4-...","indicator":"27.133.154.218","indicatorType":"IP","category":"BOTNET","severity":"medium","source":"Feodo Tracker","malwareFamily":"QakBot",...}]}
(returns multiple live indicators)
How It Works
GET /api/threat-feed — fetches from URLhaus abuse.ch and Feodo Tracker in parallel, normalizes into unified indicator format, caches with cache-control
HTTP 200 — fully client-side, no API dependency
Test Input
Type: Organization | Name: Queldrex LLC | URL: queldrex.com | Description: AI visibility tools
Verified Output
{"@context":"https://schema.org","@type":"Organization","name":"Queldrex LLC","url":"https://queldrex.com","description":"AI visibility tools"}
How It Works
Client-side JSON-LD builder — generates valid schema.org markup, validates structure, copy-to-clipboard in one click
HTTP 200 — fully client-side, no API dependency
Test Input
Block: GPTBot, CCBot | Allow: Googlebot | Sitemap: queldrex.com/sitemap.xml
Verified Output
User-agent: GPTBot
Disallow: /
User-agent: CCBot
Disallow: /
User-agent: Googlebot
Allow: /
Sitemap: https://queldrex.com/sitemap.xml
How It Works
Client-side template engine — renders robots.txt with toggle controls per crawler, includes AI-specific bots (GPTBot, ClaudeBot, Bingbot, CCBot)
HTTP 200 — fully client-side, uses browser JSON.parse / JSON.stringify
Test Input
{"name":"Queldrex","tools":25,"live":true}Verified Output
{ "name": "Queldrex", "tools": 25, "live": true }
How It Works
Client-side — JSON.parse() then JSON.stringify(data, null, 2) for formatting. Validates and shows error line numbers for broken JSON.
HTTP 200 — fully client-side, uses atob() Base64URL decoding
Test Input
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyXzEyMyIsImlhdCI6MTcwMDAwMDAwMCwiZXhwIjoxNzAzNjg5NjAwfQ.signature
Verified Output
Header: { "alg": "HS256", "typ": "JWT" }
Payload: { "sub": "user_123", "iat": 1700000000, "exp": 1703689600 }
Expiry: Dec 27, 2023 00:00:00 UTC (expired)
How It Works
Client-side — splits token by ".", Base64URL-decodes each segment with atob(), parses JSON, shows expiry countdown for exp claim
HTTP 200 — uses window.crypto.getRandomValues() — cryptographically secure
Test Input
Length: 24 | Uppercase ✓ | Lowercase ✓ | Numbers ✓ | Symbols ✓
Verified Output
K#7mQzN2@vRpT9xL!dB4sWfY (example — new random value each time)
Strength: Very Strong
Entropy: ~148 bits
How It Works
Client-side — crypto.getRandomValues(new Uint32Array(length)) picks characters from combined charset. Never leaves your browser.
HTTP 200 — fully client-side, handles UTF-8 multibyte chars correctly
Test Input
Mode: Encode | Input: Hello, World! 🌍
Verified Output
SGVsbG8sIFdvcmxkISDwn4yN
How It Works
Client-side — btoa(unescape(encodeURIComponent(value))) for UTF-8 safe encoding. Decode: decodeURIComponent(escape(atob(value))). Handles emoji and non-ASCII.
HTTP 200 — uses browser Web Crypto API (crypto.subtle.digest)
Test Input
Text: "queldrex" | Algorithms: SHA-256, SHA-512, SHA-384, SHA-1
Verified Output
SHA-256: 3b5d5c3712955042212316173ccf37be431b2ea8f4af9f4fb7da7e75f1302ab
SHA-512: (128 hex chars)
SHA-384: (96 hex chars)
SHA-1: (40 hex chars)
How It Works
Client-side — TextEncoder encodes input to Uint8Array, crypto.subtle.digest(algo, buffer) computes hash, output converted to hex. File mode reads as ArrayBuffer.
HTTP 200 — server-side crawl returning real URL data
Test Input
{ "url": "https://queldrex.com" }Verified Output
4 URLs found
https://queldrex.com/
https://queldrex.com/tools
https://queldrex.com/scanner
https://queldrex.com/about
Export as CSV ✓
How It Works
POST /api/tools/directory-extractor — server-side fetch, parses <a href> links from HTML, normalizes to absolute URLs, deduplicates, returns array + CSV export
HTTP 200 — fully client-side, no API dependency
Test Input
Minute: 0 | Hour: 9 | Day: * | Month: * | Weekday: 1
Verified Output
Expression: 0 9 * * 1
Human: Every Monday at 9:00 AM
Node.js: cron.schedule("0 9 * * 1", callback)
Linux: 0 9 * * 1 /path/to/script.sh
GitHub Actions: cron: "0 9 * * 1"
How It Works
Client-side expression builder — visual field controls per cron segment, describeExpression() converts to English, 12 preset schedules, paste-to-decode mode
HTTP 200 — fully client-side, pure color math
Test Input
Base color: #06d6ff | Mode: Complementary
Verified Output
#06d6ff (base)
#ff7306 (complement at 180°)
Monochromatic shades: #014e5e → #06d6ff → #9ef0ff
Triadic: #06d6ff, #ff0666, #66ff06
CSS: --color-primary: #06d6ff; (click to copy)
How It Works
Client-side — hexToHsl() converts to HSL space, hue rotation generates complementary/analogous/triadic, hslToHex() converts back. All palette math in browser.
HTTP 200 — fully client-side, PDF via window.print()
Test Input
Client: Acme Corp | 3 line items | Tax: 8.5% | Discount: 5%
Verified Output
Subtotal: $2,950.00
Discount (5%): -$147.50
Tax (8.5%): $237.69
Total: $3,040.19
PDF export via print dialog ✓
Multi-currency: USD, EUR, GBP, CAD, AUD, JPY
How It Works
Client-side — builds invoice state, formatCurrency() via Intl.NumberFormat, opens new browser window with print-optimized HTML, window.print() triggers PDF save
HTTP 200 — Redis-backed, live redirect working
Test Input
{ "url": "https://queldrex.com/tools/json-formatter" }Verified Output
Short URL: queldrex.com/s/TKcv6a
Redirect: HTTP 302 → queldrex.com/tools/json-formatter
Clicks tracked: 1
TTL: 90 days
Custom codes supported
How It Works
POST /api/tools/url-shortener → Redis HSET (url, clicks, created) with 90-day TTL, rate limit 10/day per IP. GET /api/tools/url-shortener?code=xxx returns click stats. /s/[code] does 302 redirect + hincrby click counter.
HTTP 200 — fully client-side, outputs copy-paste HTML
Test Input
Name: Sean Holmes | Title: Founder | Company: Queldrex LLC | Email: hello@queldrex.com | Template: Clean
Verified Output
HTML email signature generated
Compatible with Gmail, Outlook, Apple Mail
Step-by-step install instructions included
3 templates: Clean, Bold, Minimal
One-click copy to clipboard
How It Works
Client-side — buildHtml(data) assembles styled HTML string with table-based layout (required for email clients), dangerouslySetInnerHTML for live preview, copy via navigator.clipboard
HTTP 200 — fully client-side, real-time cost ticker
Test Input
Attendees: 4 | Average salary: $120,000/yr | Duration: 45 min
Verified Output
Total cost: $102.56
Cost per minute: $2.28
Overhead-loaded rate: $150k effective (1.25× multiplier)
Hourly: $288.46 for the room
Real-time ticker updates every second while meeting runs
How It Works
Client-side — annualToHourly(salary) = (salary × 1.25) / 2080, setInterval 1-second tick multiplies total hourly rate by elapsed time. Red "over budget" state when elapsed > planned.
HTTP 200 — fully client-side, no API dependency
Test Input
Uptime: 99.9% | Revenue/hour: $5,000
Verified Output
Downtime per year: 8h 45m 36s
Downtime per month: 43m 50s
Downtime per week: 10m 5s
Downtime per day: 1m 26s
Revenue impact: $43,800/year at $5,000/hr
How It Works
Client-side — calcDowntime(uptimePct) = (1 - pct/100) × period_in_seconds, fmtSeconds() humanizes output. Revenue impact = (yearly_downtime_hours × costPerHour). All SLA tiers in reference table.
HTTP 200 — fully client-side, no API dependency
Test Input
Provider: OpenAI GPT-4o | Requests: 500/hr | Tokens: 4,096/request
Verified Output
RPM: 8.3 (limit: 500) — OK
RPD: 200 (limit: 10,000) — OK
TPM: 34,133 (limit: 800,000) — OK
TPD: 819,200 — WARNING: exceeds 800k daily limit
Bottleneck: Token/Day limit hit first
How It Works
Client-side — derives RPM/RPD/TPM/TPD from sliders, compares to provider limits in preset table, color-coded Meter component: cyan OK → amber warning → red over. Bottleneck detection shows highest-saturation limit.
HTTP 200 — live server-side scan confirmed working
Test Input
{ "url": "https://shopify.com" }Verified Output
Shopify (E-commerce) — high confidence: cdn.shopify.com in source
Cloudflare (Hosting) — high confidence: cf-ray response header
Google Analytics (Analytics) — high confidence: googletagmanager.com in source
Security score: 4/5
How It Works
POST /api/tools/tech-stack — server-side fetch with 10s abort timeout, 30+ SIGNATURES with HTML RegExp + header pattern checks, 7 categories (Framework, CMS, Hosting, Analytics, E-commerce, Marketing, Language)
HTTP 200 — fully client-side, no API dependency
Test Input
Company: Queldrex LLC | Jurisdiction: GDPR | Data: Email, Usage Analytics | Output: Privacy Policy
Verified Output
Full privacy policy generated (~1,200 words)
Sections: Data collected, Legal basis, Retention, Your rights, Cookies, Contact DPO
Cookie banner HTML+JS snippet
Data Processing Agreement (DPA)
Disclaimer: consult attorney before publishing
How It Works
Client-side — generatePrivacyPolicy(), generateCookieBanner(), generateDPA() template functions, toggle checkboxes for collected data types, 4 jurisdictions (GDPR, UK-GDPR, CCPA, all)
All tools. No fluff. Real results.
Every tool on this page runs real code on real data. Nothing is mocked, pre-recorded, or faked. Start with a free AI Visibility Scan or explore the full suite.