Pricing
Know what's exposed. Fix it fast.
700+ security checks per scan. AI-generated fix instructions you can copy-paste. Free to start, upgrade when you need full details.
2,170+
Sites scanned
15,231
Vulnerabilities found
700+
Checks per scan
Free
Forever
- 2 scans per month
- Full security scan (700+ checks)
- 1 lifetime deep scan (verified domain)
- Score + grade + all finding titles
- Severity breakdown (critical / high / medium / low)
- OWASP Top 10 checks
Cached resultsScans may return cached data from a recent scan of the same domain (within 24 hours). For always-fresh scans, verify your domain ownership or upgrade to Pro.
Pro
Most popular- Full finding details + AI fix prompts
- Unlimited deep scans + CVE alerts
- GitHub integration
- PDF report export
- Security badge for your site
- Scan history & score trend
- Continuous monitoring
- Priority support
🔒 Secure payments via Freemius
Free vs Pro report
Same scan. Different level of detail.
Missing Content Security Policy (CSP)
Severity: Critical
Upgrade to Pro to see full details + fix
Missing Content Security Policy (CSP)
Severity: Critical
Your site has no CSP header, allowing attackers to inject malicious scripts via XSS. This can lead to session hijacking, data theft, and defacement.
// AI fix prompt - copy to Cursor / Claude
Add Content-Security-Policy header:
default-src 'self'; script-src 'self';
Compare plans
| Feature | Free | Pro |
|---|---|---|
| Scans per month | 2 | 20 |
| Monitored domains | 5 | |
| Full security scan (700+ checks) | ||
| Always-fresh scans | Cached up to 24h | |
| Deep scan (verified domain) | 1 lifetime | Unlimited |
| AI fix suggestions per scan | All findings | |
| Plain-English fix suggestions | ||
| PDF report export | ||
| Scan history & dashboard | ||
| Monitoring frequency | Every 3 days, Weekly, Monthly | |
| Priority support | ||
| Early access to new checks | ||
| Advanced Security Assessment | Learn more | Learn more |
FAQ
What counts as a scan?+
One scan = one full analysis of a single domain. We run 700+ checks across OWASP Top 10, headers, SSL/TLS, exposed secrets, open ports, and more. Deep Scan (on verified domains) adds CVE fingerprinting, cloaking detection, ghost-page sampling, and deep CORS/method testing. Pro reports that pass Green Light can activate an UNPWNED VERIFIED badge; verified-domain deep scans can activate UNPWNED DEEP VERIFIED.
Can I try Pro before paying?+
Free accounts get score, grade, and finding titles for every check so you can see what is wrong. Upgrade to Pro anytime to unlock full finding details, AI fix prompts, PDF export, scan history, and monitoring. Cancel anytime.
Why did my Free scan return cached results?+
To keep the Free tier fast and protect target sites from repeated scanning, Free scans may reuse a cached result if the same domain was scanned by anyone in the last 24 hours. You still see the score, grade, and finding titles. For always-fresh scans, verify your domain ownership (free) or upgrade to Pro. Pro scans and verified-domain scans always run live.
What if Pro isn't worth it for me?+
You can cancel anytime with one click, no questions asked. The Free plan is always there if you only need basic scans.
Why not just use free security tools?+
Free tools check one thing at a time (SSL, headers, DNS). UNPWNED runs 700+ checks in one scan, finds the issues, and gives you AI-generated fix instructions you can copy-paste into your editor. One scan replaces 10+ separate tools.
Can I change my plan volume?+
Yes. You can switch between 7, 20, or 100 scans/month at any time. Changes take effect immediately.
What payment methods do you accept?+
We accept all major credit and debit cards via Freemius. All payments are processed securely - we never store your card details.
Your site is exposed right now.
Run your first scan in under 2 minutes. No credit card required.
2,170+ sites already scanned - 15,231 vulnerabilities found