Your site is up. Is it safe?
Twelve checks across security, accessibility, dependencies, and compliance. We grade what is live, name the gaps, and tell you which ones to fix this quarter and which can wait.
Who runs this
When the audit pays for itself.
Established businesses (five years and up). Multi-location operations. Anyone whose customers send PII through the site. Anyone whose vendor reviews ask for a compliance statement. Anyone whose lawyer just sent them a strongly worded note.
We follow NIST CSF 2.0 for the security posture, OWASP Top 10 for the application layer, and WCAG 2.1 AA for accessibility. None of those are optional anymore. The audit shows you what shape you are in against each.
The one-time audit
Twelve checks. One PDF.
- Security headers (CSP, HSTS, X-Frame-Options, Referrer-Policy) graded against the latest OWASP guidance
- Secret scan across the site source: nothing exposed in client bundles or repo history
- Dependency audit: known vulnerabilities, abandoned packages, version drift
- Cookie consent and privacy posture (GDPR, CCPA) with the gaps named explicitly
- WCAG 2.1 AA accessibility audit with remediation cost estimates per finding
- Schema.org markup validation across every public route
- Post-deploy gate template you can drop into your CI to keep the score from drifting
Pricing
Audit once. Monitor onward.
One-time audit
$399
Twelve-section PDF. Findings ranked by severity. Remediation cost per finding. Yours to keep.
Add monitoring
Most adopters$99/mo
After the one-time audit, we watch for drift.
- Monthly drift report: what changed, what regressed, what got better
- Dashboard view of your security and accessibility posture across time
- Quarterly re-audit summary so you see the long arc, not just last month
- Incident-class alerts emailed within one business hour of detection
Free baseline read
See where you stand.
Free five-minute scan. We grade your security headers, accessibility floor, and Schema coverage. You see the gaps, with no obligation to fix them with us.