Frequently Asked Questions

A website security audit is a comprehensive scan of your website to identify vulnerabilities, misconfigurations, and compliance issues. PulseShield checks for missing security headers (like Content-Security-Policy and X-Frame-Options), SSL/TLS configuration problems, tracking cookies served before user consent, and runs 16 automated penetration testing modules including SQL injection and XSS detection. After the scan completes, you receive a professional PDF report with all findings categorised by severity and actionable remediation steps.

A one-off security audit costs £29 and covers up to 3 domains. This includes cookie and GDPR compliance checks, security header analysis, SSL validation, vulnerability scanning, and a professional PDF report. If you need ongoing protection, monthly plans start at £19/month for the Starter plan which includes continuous uptime monitoring and monthly vulnerability scans. The Professional plan at £49/month adds full penetration testing and cookie compliance audits for up to 25 domains. All monthly plans can be cancelled at any time — no contracts.

PulseShield checks over 20 security areas across your website. This includes HTTP security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options), SSL/TLS certificate validity and configuration, open port scanning, SQL injection vulnerabilities, cross-site scripting (XSS) vectors, directory enumeration, subdomain discovery, CORS misconfigurations, clickjacking susceptibility, email security (SPF, DKIM, DMARC records), technology fingerprinting, and cookie/GDPR compliance including pre-consent tracking detection. Each check produces a finding with severity rating and specific remediation advice.

Most scans complete within 2-5 minutes depending on the number of modules selected and the target website's response time. A one-off audit scanning all modules typically takes 3-4 minutes. Cookie compliance audits are faster, usually completing in under a minute. Full penetration testing with all 16 modules may take 5-10 minutes for larger sites. You'll receive your PDF report immediately after the scan finishes — no waiting.

Under GDPR (General Data Protection Regulation) and the ePrivacy Directive, websites must obtain user consent before setting non-essential cookies — this includes analytics cookies (like Google Analytics _ga), advertising cookies (like Facebook Pixel _fbp), and tracking pixels. PulseShield scans your website to detect cookies and tracking scripts that load before a user has given consent. We check for 20+ known tracking scripts including Google Analytics, Facebook Pixel, Hotjar, HubSpot, LinkedIn Insights, TikTok Pixel, Microsoft Clarity, and Matomo. If we find tracking without a consent banner, we flag it as a compliance violation with specific details.

No. PulseShield is a fully external scanning service. We never need access to your server, CMS, or hosting account. All scans are performed from outside your website, exactly the way an attacker would see it. You simply enter your domain name and we handle the rest. This means zero disruption to your website and no code changes required.

PulseShield combines three capabilities that are usually separate tools: automated penetration testing, cookie/GDPR compliance auditing, and continuous monitoring. Most security scanners focus on just one area. We also specialise in small and medium businesses — our reports are written in plain English with clear remediation steps, not jargon-heavy technical output. Pricing starts at £29 for a one-off audit, significantly cheaper than hiring a penetration testing consultant (typically £1,000-£5,000+).

Every PulseShield scan generates a professional PDF report containing: an executive summary with risk score, a breakdown of findings by severity (critical, high, medium, low, info), detailed descriptions of each vulnerability or compliance issue, the specific URL and parameter affected, and step-by-step remediation instructions. Cookie compliance reports include a separate section listing all detected trackers, cookies set before consent, and consent banner status. Reports are branded with your company name and can be shared directly with stakeholders or used as evidence of security due diligence.

Every finding in your report includes a severity rating and specific remediation steps. Critical and high-severity issues should be addressed urgently — we provide clear instructions for each one. For cookie compliance issues, this might mean implementing a consent banner or reconfiguring your analytics setup. For security vulnerabilities, it could involve updating software, adding security headers, or patching code. You can re-scan after making fixes to verify they've been resolved. With monthly plans, you get regular scans to catch new vulnerabilities as they appear.

Yes. The one-off audit covers up to 3 domains. The Starter monthly plan (£19/mo) covers up to 5 domains, Professional (£49/mo) covers up to 25 domains, and Enterprise (£99/mo) covers unlimited domains. Each domain is scanned independently with its own findings and reports.

Yes. All scan data is encrypted in transit and at rest. We use Cloudflare for DDoS protection and secure access controls. Your scan results are only visible to authorised users within your account. We never share your data with third parties. Our full data handling practices are detailed in our privacy policy.

Continuous monitoring runs automated checks on your domains at regular intervals — typically every 2 minutes. It monitors uptime, SSL certificate expiry, DNS changes, and HTTP security headers. If anything changes or goes down, you receive an instant email alert. This means you'll know immediately if your site goes offline, your SSL certificate is about to expire, or a security header has been removed. Without monitoring, these issues can go unnoticed for days or weeks.

Yes. Enterprise plan subscribers (£99/mo) can generate white-label reports branded with their own company logo, colours, and contact information. This is ideal for agencies and security consultants who want to deliver PulseShield reports to their own clients under their own brand.

Getting started takes under 2 minutes. Request a one-off audit for £29 or sign up for a monthly plan at our contact page. Enter your name, email, and the domains you want scanned. We'll set up your account and run your first scan. You'll receive your PDF report within minutes. No credit card required for the initial audit.