Two certificates, two price points, two different audiences. If you’re trying to decide which one to buy or what they actually contain, this is the breakdown.
Free — Site Check L1
Free instant audit. No signup, no payment, no login. Returns:
- Score 0-100 with a one-line verdict
- 12 passive security checks with traffic-light status
- Performance signals from a real-browser probe (LCP, FCP, CLS)
- AI-prompt fixes you can paste back into Lovable / Bolt / v0 / Cursor / Replit
No certificate, no badge — those start at the paid tiers.
£29 — Site Verified (Site Check L2 Concurrency)
Pays for a 5-user, 2-minute concurrency test. On pass:
- A verifiable cert with a unique ID at
/cert/<cert_id>— public, indexable, shareable - An amber “Site Verified — concurrency tested” badge SVG at
/badge/<cert_id>.svg— embed on your site - Embed code (drop into any HTML page; the badge links back to the cert)
- A full performance report — score, P95, error rate, slowest pages, load profile chart
- A full security analysis attached to the same cert — 12 passive checks, all findings, score, AI-prompt-fix Copy buttons on warn/fail rows
- 90-day validity (automatically revalidates against your live site once a month — if your security posture drifts, the cert auto-invalidates)
Best for: anyone charging customers, anyone who wants a public proof point on their site, agencies who want a deliverable artefact at the end of a build.
£49 — Launch Verified (Site Check L3 Load)
Pays for a 50-user, 5-minute load test. On pass:
- The same cert + badge + embed pattern (green this time)
- Full performance report — including error patterns under load, P95 distribution, status code breakdown
- 180-day validity
- Performance only — no security analysis. Running passive security checks alongside a 50-user load is needlessly intrusive (looks like a coordinated attack to most WAFs). If you want both, run Site Verified first then Launch Verified separately.
Best for: pre-launch / Black Friday / campaign-readiness. Sites that have done Site Verified and want a heavier validation.
What “verifiable” means
Every cert is signed (HMAC) by us, has a unique UUID, and lives at a public URL anyone can fetch. Embed the badge on your site → it points to the cert page → anyone can verify it’s real, what it tested, when it was issued, and what it found. Procurement teams love this. So do prospects.
For pricing-specific questions, see Billing & account Community board.