What we do

Security scanning built for people who build websites

Warden makes enterprise-grade web security checks accessible to freelancers, agencies, and small teams — without the enterprise price tag or the expertise requirement.

Security audits shouldn't require a six-figure budget

Qualys Web Application Scanning starts at $1,995/year for 25 applications. Intruder's entry tier is $149/month. Acunetix and Invicti require custom quotes that rarely come back under $4,000 per year. None of these make sense for a developer with three client sites or a startup trying to pass a security audit.

Meanwhile, clients and procurement teams are asking more questions about security than ever. Supplier audits, insurance requirements, and enterprise procurement checklists increasingly demand documented evidence that your website is secure.

10 min

Average time from sign-up to first report

22+

Automated security checks per scan

$14.99

Starting price per month — no minimum term

What we check

22+ automated security checks

Every Warden scan runs the following checks against your domain. All checks are read-only and non-destructive — your site stays live throughout.

TLS & certificates

TLS protocol version

Cipher suite strength

Certificate validity

Certificate chain

HSTS header

HSTS preloading

Security headers

Content-Security-Policy

X-Frame-Options

X-Content-Type-Options

Referrer-Policy

Permissions-Policy

Cross-Origin policies

Cookies

Secure flag

HttpOnly flag

SameSite attribute

Cookie scoping

Information exposure

Server version disclosure

Technology fingerprinting

Sensitive file exposure

Directory listing

Backup file detection

HTTP configuration

HTTP to HTTPS redirect

Mixed content detection

HTTP methods allowed

Clickjacking protection

AI & LLM security

AI chatbot & LLM surface detection

AI surface classification

Deep Scan — active testing, opt-in and authorised per domain

Compliance mapping

CWE / OWASP / CVSS tagging on findings

PCI DSS control mapping

ISO 27001 control mapping

SOC 2 control mapping

Do you test AI chatbots?

Every scan automatically checks whether your site exposes a chatbot or LLM endpoint. Actually testing it — sending it prompts to see how it responds — is a separate, on-demand test you configure and authorize yourself; Warden never probes an AI surface without your consent.

What is prompt-injection testing?

An authorized, on-demand test that sends adversarial prompts to your own configured chatbot endpoint to check whether it ignores its instructions, leaks its system prompt, or discloses sensitive data. Available on the Business plan, and only ever run against domains you've verified and consented to test.

The process

From sign-up to report in under 10 minutes

1

Create your account

Sign up in under 2 minutes and pick the plan that fits.

2

Add and verify a domain

Add a DNS TXT record or upload a small verification file. Takes under 5 minutes and confirms you're authorised to scan.

3

Run a scan

Click scan. Warden runs 22+ automated read-only checks in the background. You'll receive an email when it's ready.

4

Review your report

View your A–F grade, health score, and findings with plain-English explanations and step-by-step fix instructions.

5

Fix and re-scan

Resolve findings using the guidance in your report, then re-scan to confirm fixes and watch your score improve. Need it confirmed sooner? Request a retest and we'll verify the fix without waiting for your next scan.

6

Automate with scheduled rescans

Set a weekly or monthly cadence so Warden rescans your domain automatically and keeps your report current — no need to remember to click scan.

Who Warden is for

Built for builders, not enterprises

👩‍💻

Freelance developer

Deliver a security report alongside every site launch. Demonstrate professionalism and add a high-value deliverable to your service.

→ Solo plan · $14.99/mo
🏢

Digital agency

Scan all your client sites from one dashboard. White-label reports under your own branding. Add a recurring security service line.

→ Agency plan · $149.00/mo
🚀

SaaS startup

Pass supplier security audits and enterprise procurement checklists with an independent third-party report. No pen test wait time.

→ Pro plan · $79.00/mo
🔒

IT manager

Monitor your organisation's web properties continuously. Get alerted to new issues between scans. Keep your board informed.

→ Business plan · $299.00/mo
📊

Marketing team

Your website is a business-critical asset. Know its security posture without needing IT to run a report. Quick, clear, actionable.

→ Starter plan · $39.00/mo

How we compare

Warden vs the alternatives

FeatureWardenCompetitorsManual pen test
Entry price$14.99/mo$149–$1,995/mo$2,000–$20,000+
Plain-English findingsVariesVaries
No security expertise needed
PDF report for clients
Monthly billing availableOften annual-onlyN/A
White-label available✓ (Agency+)RarelyDepends
Compliance mapping (PCI DSS / ISO 27001 / SOC 2)Varies✓ (bespoke)
Slack / webhook / Jira integrationsEnterprise tiers onlyN/A
Fix-verification rescansRarelyExtra cost
REST API access✓ (Business)Enterprise tiers onlyN/A
Scheduled rescansN/A

Ready to find out your security grade?

Every plan includes the full scan engine. Cancel any time.

Get started