Paste a URL. In 3 minutes, we find what attackers and regulators would find — exposed credentials, outdated CVE libraries, GDPR gaps, ADA violations, and more. No setup required.
Free to try · No credit card required · Results in 3 minutes
Stripe secret key exposed in page source
sk_live_... found in inline JavaScript. Anyone viewing your source can use it. Rotate immediately and move server-side.
Security scanning — now included in every scan
We check for exposed API keys & credentials, outdated libraries with known CVEs, insecure cookie flags, missing security headers, CORS misconfigurations, admin panel exposure, and more — automatically, alongside every compliance check.
Compatible with every platform you use
+ any platform that renders in a browser
[ 01 / 03 ]
Measurable Results
How it works
Enter your website address. No SDK, no code changes, no setup required.
Works with any web technology — React, WordPress, Shopify, or plain HTML.
Scan your website
Quick Audit
Full Audit
Our scanner crawls every page and runs six compliance modules in parallel.
Accessibility, privacy, legal pages, eCommerce, security headers, and email compliance — all at once.
example-shop.com
Compliance audit in progress
Elapsed
0s
Starting up...
Complix AI synthesises findings into plain English with exact fixes and a risk score.
Download as PDF or share a link. Risk score, category breakdown, and prioritised issues — ready immediately.
Scan results for
example-shop.com
23 issues found across 3 categories. Immediate action recommended.
No cookie consent banner detected
GDPR Article 7 · Potential fine up to €20M
Scroll to continue
Security + Compliance Audits
Accessibility
WCAG 2.1 AA checks via axe-core — the industry standard used in ADA litigation.
Privacy
GDPR, CCPA, ePrivacy — trackers caught before regulators find them.
Legal Pages
Terms, Privacy Policy, Refund Policy — existence and content integrity checks.
Security
Exposed credentials, outdated CVE libraries, cookie flags, headers — 13 attack vectors.
We audit from the outside — no login required, no access to your source code, no stored credentials.
No login required
We scan exactly like a real user would
Isolated scans
Fresh crawl each run, nothing cached
Data retention
Delete any scan or report at any time
GDPR compliant
We practice what we audit on your behalf
What we check
Each mapped to real regulations and real fines. No fluff, no false positives.
WCAG 2.1 AA audit via axe-core. Screen-reader blockers, contrast failures, missing ARIA labels.
Tracker detection, consent banner presence, GDPR and CCPA coverage in your Privacy Policy.
Terms of Service, Privacy Policy, Refund Policy. Existence checks and placeholder text detection.
Return policy visibility, subscription billing disclosures, and hidden fee patterns.
Exposed credentials, outdated CVE libraries, insecure cookies, CORS misconfigs, SRI, admin panel exposure, mixed content, dangerous JS — 13 attack vectors checked.
CAN-SPAM, GDPR consent, TCPA SMS disclosures, pre-checked opt-in boxes.
Example output
Not just "you have a problem." Complix AI tells you exactly what to do, with code snippets where applicable.
Why this matters
Your site loads Google Analytics and Meta Pixel before asking visitors for consent. Under GDPR Article 7, this can result in fines up to 20M euros or 4% of global annual turnover.
How to fix it
<!-- Add before any analytics scripts --> <script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="YOUR-CBID" type="text/javascript" async> </script>
Self-check
Answer 5 quick questions to get an estimated compliance score — then scan your real site to see the full picture.
Do you have a cookie consent banner that blocks trackers until the user accepts?
Is your Privacy Policy up-to-date and linked in your footer?
Do all images on your site have descriptive alt text?
Do you have Terms of Service and a Refund Policy linked from checkout?
Does your site send security headers like CSP and HSTS?
0 of 5 answered
Social proof
“Found a GDPR violation in our checkout flow that our legal team had missed for 6 months. Fixed it the same day.”
Sarah K.
CTO, SaaS startup
“We got hit with an ADA lawsuit demand last year. Now I run Complix on every deploy. Haven't had a single accessibility complaint since.”
Marcus T.
Founder, eCommerce brand
“The report caught that our cookie banner wasn't actually blocking scripts — it was just decorative. That's the kind of thing you don't catch manually.”
Priya L.
Head of Engineering
Pricing
Start free. Upgrade when you need more coverage.
Free
Starter
Pro
Business
All paid plans include a 14-day money-back guarantee. Cancel anytime. No contracts.
Full feature comparison
| Feature | Free | Starter | Pro | Business |
|---|---|---|---|---|
| Scans per month | 1 ever | 5 | Unlimited | Unlimited |
| Accessibility (WCAG 2.1) | Score only | Full report | Full report | Full report |
| Code fix suggestions | ✕ | ✕ | ✓ | ✓ |
| Privacy & cookies (GDPR) | ✕ | ✕ | ✓ | ✓ |
| Legal pages check | ✕ | ✕ | ✕ | ✓ |
| eCommerce compliance | ✕ | ✕ | ✕ | ✓ |
| Security headers | ✕ | ✕ | ✕ | ✓ |
| Email & marketing (CAN-SPAM) | ✕ | ✕ | ✕ | ✓ |
| PDF export | ✕ | ✕ | ✓ | ✓ |
| White-label PDF | ✕ | ✕ | ✕ | ✓ |
| Scheduled rescans | ✕ | ✕ | ✓ | ✓ |
| Priority support | ✕ | ✕ | ✕ | ✓ |
Join developers and founders who audit their sites before lawyers do.
Scan your website free→No credit card required · Results in ~3 minutes