Simple, transparent pricing
Start free, upgrade when you need more. No hidden fees, no surprises. All plans include a 14-day free trial.
Free
Perfect for trying out ScriptAttest
- 1 site
- 20 scans/month
- 1,000 violation reports
- 7 days policy history
- CSP policy wizard
- Report-URI endpoint
- Email alerts
Pro
For growing sites with real traffic
- 5 sites included
- 200 scans/month
- 50,000 violation reports
- 90 days policy history
- Report-URI endpoint
- Email alerts
- ScriptAttest fingerprinting
No credit card required
Enterprise
For teams managing multiple sites. Need more? Contact us for custom enterprise plans.
- 25 sites
- 1,000 scans/month
- Unlimited violation reports
- Unlimited policy history
- REST API access
- Slack/webhook alerts
Need more? Contact us for custom enterprise plans.
Compare plans
| Feature | Free | Pro | Enterprise |
|---|---|---|---|
| Number of sites | 1 | 5 | 25 |
| Monthly scans | 20 | 200 | 1,000 |
| Violation reports | 1,000 | 50,000 | Unlimited |
| Policy history | 7 days | 90 days | Unlimited |
| CSP policy wizard | |||
| ScriptAttest fingerprinting | |||
| Report-URI endpoint | |||
| Email alerts | |||
| Slack/webhook alerts | |||
| REST API access | |||
| Support | Community | ||
| Priority Support & SLA | Custom plans only |
Frequently asked questions
What counts as a "scan"?
A scan is when ScriptAttest visits your site with a real browser to capture script fingerprints or test your CSP policy. Multi-page scans count as one scan per page. Scheduled scans count toward your monthly limit.
What counts as a "violation report"?
When you deploy a CSP with our report-uri endpoint, browsers send violation reports when the policy blocks something. Each report received counts toward your limit. High-traffic sites may need higher tiers.
What happens if I go over my limits?
We'll notify you when you're approaching your limits. You can upgrade anytime. If you exceed limits, scans will continue but may be throttled. We never cut off monitoring without warning.
Is there a free trial?
Yes! All paid plans include a 14-day free trial with full access to all features. No credit card required to start. You'll only be charged if you decide to continue after the trial.
What is ScriptAttest fingerprinting?
ScriptAttest captures a complete "fingerprint" of every script on your page: its content hash, URL, execution order, network activity, and dangerous sinks. This lets us detect when a script's behavior changes—even if its URL stays the same (supply chain attack).
What is a "baseline"?
Your baseline is the trusted "known good" state of your site's scripts. All future attestation scans compare against this baseline. You control when to update it (e.g., after a legitimate vendor update).
How does CSP generation work?
We scan your pages to discover all scripts, styles, and external resources. Then you approve which sources to allow (by domain or content hash). We generate a strict CSP policy from your approvals and help you validate it before deployment.
Is my data secure?
Yes. All data is encrypted at rest and in transit. Each organization's data is completely isolated. We follow security best practices and never share or sell your data.
Can ScriptAttest help with compliance requirements?
ScriptAttest provides script inventory, integrity verification, and audit trails that can help support various compliance requirements. Contact us to discuss your specific needs.
Do you offer custom enterprise plans?
Yes! If you need more than 25 sites, more than 1,000 scans/month, priority support, custom SLAs, dedicated infrastructure, or special features, contact our sales team. We're happy to work with you on a custom enterprise solution tailored to your needs.