Cipherwake Monitor watches your domain's cryptographic posture daily — cert expiry, key rotation, subdomain takeover risk, and the Decryption Blast Radius score that no other monitor surfaces. Email alerts the moment something changes. 12 months of score history so you can see how your TLS posture drifts over time. The signed trust-page badge is included.
All three include daily monitoring, what-changed diff alerts, the embedded trust-page badge, and the open methodology. Difference is how many domains you watch, how fast we re-scan, and how alerts get delivered.
Included with every Monitor subscription. Drop it on your trust page or security.txt as evidence of independent monitoring. Example shown is the public free badge; subscribers get the "MONITORED BY CIPHERWAKE" stamp + last-scan timestamp added.
The historical-data moat is the public product. We don’t hide it behind email walls or downgrade old observations. Paid Monitoring is for continuous alerts and portfolio scale — never for the depth of the free view.
npx pqcheck, Slack /pqcheck, browser extension/key/<spki> shows every domain reusing that private key/vendor/<host> shows every site that loads a given third-party scriptOur rule: free for public curiosity, paid for private memory, scale, alerts, and automation. The depth of the historical view is never the wall — the wall is the moment of intent: “alert me,” “across my portfolio,” “always-on.”
You configure thresholds for each alert type when you set up monitoring. Defaults: 30 / 14 / 7 days before cert expiry; score drop ≥0.5 points; any newly-detected key persistence event (cert rotated but private key didn't); any newly-detected subdomain takeover risk. Alerts fire to the email on your account and can be forwarded to a Slack channel via Slack inbound webhook (or any incoming-webhook destination).
Starter ($29/mo) if you watch ≤5 domains and only need email alerts. Growth ($79/mo) if you watch a vendor portfolio (up to 50 domains), want Slack or webhook delivery, or need team seats. Scale ($199/mo) if you watch ≥50 domains, want hourly re-scans, or need CSV portfolio export. Every tier includes daily monitoring, what-changed diff alerts, the embedded trust-page badge, and 90+ days of score history.
Each tier card above shows a "Notify me" form when its sales flag is closed. Drop your email and we'll send a personal checkout link the moment that tier opens. We don't charge anything until you accept and complete checkout.
The uptime monitors check whether your endpoint is reachable + whether the cert is valid today. They don't analyze the cryptographic posture underneath. Cipherwake Monitor tracks key rotation across cert rotations (the Heartbleed / SolarWinds lesson — your cert rotated, your team thought you remediated, but the same private key kept signing), subdomain takeover risk via CT log analysis, cipher class + TLS posture trends, and the Decryption Blast Radius score (harvest-now-decrypt-later exposure). Different signal, complementary tool.
The free public score is point-in-time — scan a domain, get the current grade. Anyone can do it free at cipherwake.io. Monitor adds continuous scanning, alerts when things change, 12-month history (evidence for customer reviews and vendor questionnaires), and the signed embeddable trust-page badge. If you only need to check a domain occasionally, the free scan is enough. If you need to know within hours when something changes, Monitor is the tool.
You get an alert email (configurable threshold). The cleanest path forward is to fix the underlying crypto posture (cert rotation, key rotation, header gaps) — that's what the monitoring is for. The badge auto-updates after the next verified scan.
Yes — every tier above includes a domain quota: Starter watches 5, Growth watches 50, Scale watches 500. Need more than 500 on a single account, or want a custom integration? Email us for an Enterprise quote.
The free public score is free forever — that's the product, not a teaser. What you pay for is continuous verified monitoring, the artifact you can show on your trust page, the history, and the alerts. Per our pricing discipline, free preview + paid for depth + monitoring is the dominant tier.
Daily verified scans on the standard plan. The badge image is edge-cached for 15 minutes (no perceptible lag for a viewer; saves 15× the infra cost vs. minute-by-minute polling). If your score genuinely changes, the badge reflects it within 15 minutes.
Anytime, after you start. Stripe customer portal. We don't make it hard. The embedded badge stops rendering "Verified" within 24 hours of cancellation and falls back to the free public-grade variant.