[fmavituna]

Sites like those generally in the business of seal-selling or doing very light security checks.

Many of them will only report out of date vulnerabilities (quick & easy to check) or very simple issues limited issues. Still a legit business obviously. Though the benefits are limited. Best way to check this, get a scan request and watch your logs. Most of them won't even do a POST request. How can you really check for vulnerabilities unless you test all the functionality in a web application?

I guess we should explain this in our website to distinguish ourselves from that pack.