Skip to main content

Pricing

Know what's exposed. Fix it fast.

700+ security checks in the full suite. Free shows what's broken. Paid gives you the exact fix, ready to paste, and keeps watching.

2,919+

Scans run

20,403

Vulnerabilities found

700+

Security checks

Founder offer

Applied automatically

40% off

While your subscription stays active

25 founders

Limited to the first 25 founders

Ends Jul 31

Or when all founder spots are claimed

Free

Check any site in 60 seconds

$0

Forever

  • 1 domain, checked on demand
  • Full security scan (700+ check suite)
  • Score, grade & severity breakdown
  • All finding titles + severity
  • OWASP Top 10 checks
  • 1 lifetime deep scan (verified domain)
Get started free

Solo

1 monitored domain, unlimited re-scans

$19/moSAVE 40%
$11.40/mo

FOUNDER price while your subscription stays active

  • Re-scan to verify your fix + before/after diff
  • Full finding details + AI fix prompts
  • Weekly & monthly monitoring + alerts
  • Unlimited deep scans + CVE alerts
  • PDF export, badge, GitHub, scan history
Claim founding price

Studio

Most popular

5 monitored domains, unlimited re-scans

$39/moSAVE 40%
$23.40/mo

FOUNDER price while your subscription stays active

  • Everything in Solo
  • Cover client sites and side projects
  • Monitoring up to every 3 days
  • Priority support
Claim founding price

Scale

15 monitored domains, unlimited re-scans

$49/moSAVE 40%
$29.40/mo

FOUNDER price while your subscription stays active

  • Everything in Studio
  • Daily monitoring
  • Early access to new checks as they roll out
Claim founding price

Prices are in USD. Applicable taxes (such as VAT) are calculated at checkout by our payment provider, Freemius. Fair use: unlimited re-scans are for verifying and monitoring your own domains, not bulk scanning.

Managing more than 15 client domains? Email us - an Agency plan with white-label reports is on the way, and early access is open.

Scan once to find it. Re-scan to prove it is fixed.

Same scan. Different level of detail.

Free reportCritical

Missing Content Security Policy (CSP)

Severity: Critical

Upgrade to verify your fix worked

Paid reportCritical

Missing Content Security Policy (CSP)

Severity: Critical

Your site has no CSP header, allowing attackers to inject malicious scripts via XSS. This can lead to session hijacking, data theft, and defacement.

// AI fix prompt - copy to Cursor / Claude

Add Content-Security-Policy header:
default-src 'self'; script-src 'self';

Compare plans

FeatureFreeSoloStudioMost popularScale
Coverage
Monitored domains1515
Fresh scans2 / monthUnlimitedUnlimitedUnlimited
Re-scan the same domainOnce a monthAnytimeAnytimeAnytime
Monitoring & alertsWeeklyEvery 3 daysDaily
Deep scan - active checks (verified domain)1 lifetimeUnlimitedUnlimitedUnlimited
Always-fresh scansCached up to 24h
Find & fix
Full security scan (700+ check suite)
Finding titles + severityAll severitiesAll + full fixesAll + full fixesAll + full fixes
Verify a fix (before/after diff)
AI fix promptsAll findingsAll findingsAll findings
Plain-English fix suggestions
Reports & integrations
PDF report export
Scan history & score trend
Security badge for your site
GitHub integration
Support
Priority support
Early access to new checks as they roll out
Advanced Security AssessmentLearn moreLearn moreLearn moreLearn more

FAQ

What is a monitored domain?+

A domain you actively protect with UNPWNED: we scan it continuously on your schedule, alert you when something changes, and let you re-scan it anytime to verify fixes. Solo covers 1 domain, Studio covers 5, Scale covers 15. Subdomains of the same site count as one domain.

Are re-scans really unlimited?+

Yes, within fair use. The whole point of fixing something is re-scanning to prove it worked, so paid plans never meter the fix-verify loop on your monitored domains. Fair use means protecting your own sites, not bulk-scanning the internet.

Is re-scanning to check my fix free?+

Free re-scans the same domain once a month, so you can watch your score over time. Instantly re-scanning right after a fix, plus the before/after diff that proves the issue is gone, is a paid feature.

What does a scan check?+

Every scan covers the outside-in surface across OWASP Top 10, headers, SSL/TLS, exposed secrets, open ports, and more, drawn from a suite of 700+ checks. Deep Scan (on verified domains) unlocks the active-probing set: path traversal / LFI, CVE fingerprinting, cloaking detection, ghost-page sampling, and deep CORS/method testing. Paid reports that pass Green Light can activate an UNPWNED VERIFIED badge.

Will UNPWNED scans trigger my firewall or WAF?+

Sometimes. A confirmed WAF challenge can interrupt checks; that means scanner access was limited, not that every application control is secure. Verify ownership and re-run first so UNPWNED can use its owner-authorized retry paths. Our current Vercel egress IPs are shared and should not receive a broad firewall Allow rule. If you are behind Cloudflare, follow the Cloudflare scan guide for the safe access flow.

Why did my Free scan return cached results?+

To keep the Free tier fast and reduce repeated traffic to target sites, Free scans may reuse a healthy cached result if the same domain was scanned in the last 24 hours. You see severity counts and all finding titles, plus score and grade when coverage supports a reliable result. For always-fresh scans, verify your domain ownership (free) or upgrade. Paid scans and verified-domain scans always run live.

What if a paid plan isn't worth it for me?+

You can cancel anytime with one click, no questions asked. The Free plan is always there if you only need a basic check.

Why not just use free security tools?+

Free tools check one thing at a time (SSL, headers, DNS). UNPWNED runs a full suite of 700+ checks in one scan, finds the issues, gives you AI-generated fix instructions you can copy-paste into your editor, and then proves the fix worked. One scan replaces 10+ separate tools.

Can I change plans?+

Yes. You can move between Solo, Studio, and Scale at any time. Changes take effect immediately and are prorated by our payment provider.

What payment methods do you accept?+

We accept all major credit and debit cards via Freemius. All payments are processed securely - we never store your card details.

Your site is exposed right now.

Run your first scan in under 2 minutes. No credit card required.

2,919+ scans already run - 20,403 vulnerabilities found