Simple, transparent pricing
Enterprise-grade CSP management and supply chain security. Start with a free evaluation, or begin a 14-day trial.
Free
Evaluate ScriptAttest on a single site
- 1 site
- 5 scans/month
- 500 violation reports
- 7 days violation history
- CSP policy wizard
- Report-URI endpoint
- Email alerts
- ScriptAttest fingerprinting
Pro
CSP management for small teams
- 2 sites
- 100 scans/month
- 25,000 violation reports
- 30 days violation history
- Report-URI endpoint
- Email alerts
- ScriptAttest fingerprinting
No credit card required
Business
Complete security platform for growing organizations
- 10 sites included
- 500 scans/month
- Unlimited violation reports
- 90 days violation history
- ScriptAttest fingerprinting
- REST API access
- Slack/webhook alerts
No credit card required
Enterprise
Tailored security for large-scale deployments
- Unlimited sites
- Unlimited scans
- Unlimited violation reports
- Unlimited violation history
- Priority support
- Custom SLAs
Need more? Contact us for custom enterprise plans.
Compare plans
| Feature | Free | Pro | Business | Enterprise |
|---|---|---|---|---|
| Number of sites | 1 | 2 | 10 | Unlimited |
| Monthly scans | 5 | 100 | 500 | Unlimited |
| Violation reports | 500 | 25,000 | Unlimited | Unlimited |
| Violation report history | 7 days | 30 days | 90 days | Unlimited |
| CSP policy wizard | ||||
| ScriptAttest fingerprinting | ||||
| Report-URI endpoint | ||||
| Email alerts | ||||
| Slack/webhook alerts | ||||
| REST API access | ||||
| Support | Community | Priority | ||
| Priority Support & SLA |
Frequently asked questions
What counts as a "scan"?
A scan is when ScriptAttest visits your site with a real browser to capture script fingerprints or test your CSP policy. Multi-page scans count as one scan per page. Scheduled scans count toward your monthly limit.
What counts as a "violation report"?
When you deploy a CSP with our report-uri endpoint, browsers send violation reports when the policy blocks something. Each report received counts toward your limit. High-traffic sites may need higher tiers.
What happens if I go over my limits?
We'll notify you when you're approaching your limits. You can upgrade anytime. If you exceed limits, scans will continue but may be throttled. We never cut off monitoring without warning.
Is there a free trial?
Yes! All paid plans include a 14-day free trial with full access to all features. No credit card required to start. You'll only be charged if you decide to continue after the trial.
What is ScriptAttest fingerprinting?
ScriptAttest captures a complete "fingerprint" of every script on your page: its content hash, URL, execution order, network activity, and dangerous sinks. This lets us detect when a script's behavior changes, even if its URL stays the same (supply chain attack).
What is a "baseline"?
Your baseline is the trusted "known good" state of your site's scripts. All future attestation scans compare against this baseline. You control when to update it (e.g., after a legitimate vendor update).
How does CSP generation work?
We scan your pages to discover all scripts, styles, and external resources. Then you approve which sources to allow (by domain or content hash). We generate a strict CSP policy from your approvals and help you validate it before deployment.
Is my data secure?
Yes. All data is encrypted at rest and in transit. Each organization's data is completely isolated. We follow security best practices and never share or sell your data.
Can ScriptAttest help with compliance requirements?
ScriptAttest provides script inventory, integrity verification, and audit trails that can help support various compliance requirements. Contact us to discuss your specific needs.
Do you offer annual billing?
Contact sales for custom billing arrangements. Reach out to our sales team to discuss options that work for your organization.
Do you offer custom enterprise plans?
Yes! Our Enterprise tier includes unlimited sites, unlimited scans, unlimited violation reports, unlimited history retention, priority support, and custom SLAs. Contact our sales team to discuss a tailored solution for your organization.