Features

Everything Decloak does.

11 features available on the free tier. 22 more unlock with a paid account. Filter below to see exactly what you get at each level.

Free

Scanning

Single-page instant scan

Paste any URL and get a complete security snapshot across all 7 layers in under 15 seconds. No account, no setup.

Free

Scanning

7-layer security analysis

HTTP/TLS, HTML, network traffic, JavaScript CVEs, tag managers, third-party supply chain, and AI synthesis all run simultaneously on every scan.

Free

Scanning

JavaScript CVE detection

Retire.js + OSV database checks against every JS library identified on the page. Pinpoints the exact file and version with the CVE ID linked.

Free

Scanning

Third-party domain mapping

Every external domain your page contacts - categorised by purpose, checked for registration age, and flagged if they match threat intelligence signals.

Free

Scanning

HTTP security headers

Full checklist of CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, cookie flags, CORS, and server version disclosure.

Free

Scanning

Tag manager intelligence

Identifies every GTM container, lists all active tags and their firing triggers, and flags tags sending data to unrecognised or newly-registered domains.

Free

Scanning

Security score and grade

Every scan produces a weighted 0-100 score and A-F grade calculated from finding severity across all 7 layers. Comparable across scans over time.

Free

Scanning

Network traffic capture

Headless browser records every request made on page load - third-party scripts, WebSocket connections, dynamically injected tags, and storage writes.

Pro

AI Investigation

Full-site AI agent

An AI agent crawls your entire site - or a defined scope - running all 7 layers on every page it decides is worth investigating.

Pro

AI Investigation

Live reasoning trace

Watch the agent explain every decision in real time as it investigates. Each step is logged with the finding that triggered it - useful as an audit trail.

Pro

AI Investigation

Source map analysis

When an exposed .map file is found, the agent fetches it and reconstructs original source to check for hardcoded secrets and internal architecture leaks.

Pro

AI Investigation

GTM container deep-dive

Goes beyond identifying the container ID - fetches and parses the full tag configuration, including nested tags, custom HTML tags, and variable definitions.

Pro

AI Investigation

Domain threat intelligence

WHOIS lookup, registration age, subdomain enumeration, and threat reputation checks for every third-party domain your site contacts.

Pro

AI Investigation

Per-finding remediation

AI-written remediation steps specific to each finding - not generic advice. Tells your developer exactly what to change and why.

Free

Reports

AI executive summary

Plain-English summary of your security posture written by an LLM that has read all findings holistically. Readable by a CTO, auditor, or board member.

Free

Reports

Shareable public link

Every free report gets a public URL you can send to a developer, client, or auditor. Sign up to save reports to your account permanently.

Pro

Reports

PDF evidence export

Timestamped, formatted PDF with your scan details, findings, and an attestation block. Accepted by auditors for SOC2 and ISO 27001 evidence.

Pro

Reports

Full scan history

Every scan you run is preserved indefinitely. Filter by domain, date, or severity to find any past report instantly.

Pro

Reports

Comparison reports

Side-by-side diff between any two scans of the same site. See exactly what findings are new, what has been resolved, and what has changed severity.

Pro

Reports

Evidence packages

Export a date-range ZIP of all scan history - formatted for auditor handoff. Includes all PDFs, finding logs, and scan attestation metadata.

Pro

Compliance

ISO 27001 control mapping

Every finding is automatically tagged to the relevant ISO 27001 Annex A controls. Filter your report to show only findings relevant to a specific control.

Pro

Compliance

SOC2 criteria mapping

Findings tagged to SOC2 Trust Services Criteria (Security, Availability, Confidentiality). Makes it straightforward to respond to auditor questions by control.

Pro

Compliance

Remediation tracking

Mark each finding as Open, In Progress, Resolved, or Accepted Risk. Auditors need to see that findings are being acted on - this closes that loop.

Pro

Compliance

Audit trail

Every scan is stamped with who triggered it, when, from where, and with which configuration. Full chain of custody for compliance evidence.

Pro

Automation

Scheduled recurring scans

Set a daily, weekly, or monthly cadence and scans run automatically. Never miss a monthly security check-in for SOC2 or ISO 27001 again.

Pro

Automation

Email alerts

Get notified when a scheduled scan completes or when a new critical or high severity finding is detected - before your next scheduled check.

Pro

Automation

Slack notifications

New critical findings delivered to a Slack channel of your choice within minutes. Useful for security channels and on-call workflows.

Soon, Pro

Automation

Webhook integration

Push findings to any system - Jira, Linear, PagerDuty, or your own. Configurable payload with finding severity, title, and evidence.

Soon, Pro

Automation

CI/CD integration

Trigger scans from GitHub Actions, GitLab CI, or any pipeline via the API. Block merges if a new critical finding is introduced.

Free

Team

Multi-domain dashboard

Your account shows all scans organised by domain - current grade, last scanned, open findings. Free for all accounts. Pro adds team sharing and bulk actions.

Pro

Team

Multi-user access

Invite team members with role-based permissions. Developers see findings and remediation; managers see scores and reports; admins manage everything.

Pro

Team

Assign findings to developers

Tag any finding to a specific team member. They get notified and can update the remediation status. Closes the loop between security report and dev ticket.

Soon, Pro

Team

API access

Full REST API for programmatic scan triggering, result retrieval, and status polling. Includes client libraries for Node.js and Python.

Free

Start immediately

No account needed. Paste a URL on the homepage and get your report in 15 seconds.

Pro

Full investigation from £29/mo - no free trial needed

AI agent investigation, scheduled scans, team access, compliance reporting, and everything above.