Question 1

What does AppVet scan for?

Accepted Answer

AppVet runs 76 checks across four scan types available to everyone: Security (27 checks — headers, cookies, TLS, sensitive file exposure, vulnerable libraries), Performance (26 checks — Core Web Vitals and asset optimization), Accessibility (12 checks — WCAG 2.2 Level A & AA), and SEO (11 checks — meta tags, crawlability, mobile readiness). Logged-in users also get Quality (8 checks — runtime security, code hygiene, error reporting via Lighthouse best-practices). Run one, two, or all in a single scan.

Question 2

How long does a scan take?

Accepted Answer

You'll see real-time progress as each tool runs, and you'll be redirected to your report automatically when it's done.

Question 3

Do I need to create an account?

Accepted Answer

No — your first scan is completely free with no signup required. Just paste a URL and hit Run Audit. Create a free account to get 5 scans per month, scan history, and API access. Need more? Buy credit packs starting at $5 for 5 scans — no subscription required.

Question 4

Is my website safe during the scan?

Accepted Answer

Yes. AppVet performs read-only checks — we never modify your website, submit forms, or make changes to your data. Our scans are non-invasive and safe to run on production sites.

Question 5

What do I get in the report?

Accepted Answer

A detailed report with an overall score, category breakdowns, and prioritized findings sorted by severity. Each finding includes evidence, the specific element affected, and actionable fix suggestions.

Question 6

Can I share my report?

Accepted Answer

Yes — every report has a unique shareable link. Send it to your team, clients, or stakeholders. Reports also have a print-friendly layout for PDF export.

Question 7

What tools do you use?

Accepted Answer

We use industry-standard tools including axe-core, pa11y, and Lighthouse for accessibility, Lighthouse for Core Web Vitals and performance, and OWASP-based scanners for security headers and TLS. Multiple tools cross-validate each finding to reduce false positives.

Question 8

How is the score calculated?

Accepted Answer

Your score starts at 100 and deductions are applied based on the types of issues found and their severity. Critical issues have a larger impact than low-severity ones. Multiple instances of the same issue type have diminishing returns — so 10 missing alt texts don't hurt 10x more than 1. The result is a university-style grade from A+ (90+) to F (below 50).

Question 9

What is Fix with AI?

Accepted Answer

Every finding in your report has a Fix with AI button that generates a detailed, copy-paste-ready prompt. It includes the issue, severity, affected elements, and a verification checklist. Paste it into ChatGPT, Claude, or your preferred AI assistant to get a tailored fix for your codebase.

Question 10

Can I scan any website?

Accepted Answer

You can scan any website you own or have authorization to test. Major enterprise sites (Fortune 500, banks, government domains) are blocked on Guest and Free plans to prevent misuse. If you hit a blocked domain, we'll suggest alternative sites you can try.

Question 11

Is there an API or CLI?

Accepted Answer

Yes — AppVet has a full REST API and a CLI tool. Create an API key in your dashboard, then use npx appvet scan https://yoursite.com from your terminal or integrate via the API. JSON output and threshold exit codes make it easy to plug into CI/CD pipelines like GitHub Actions.

Question 12

I built my app with AI (Lovable, Bolt, v0). Is it secure?

Accepted Answer

That's exactly why AppVet exists. AI tools generate functional code fast, but often miss security headers, expose .env files, leave cookies without HttpOnly flags, and skip accessibility standards. Paste your URL into AppVet — our 84 checks across security, performance, accessibility, and SEO will tell you exactly what needs fixing, with copy-paste AI prompts to fix each issue.

Question 13

How does pricing work?

Accepted Answer

Everyone gets 5 free scans per month. Need more? Buy credit packs — $5 for 5 scans up to $100 for 200 scans. The more you buy, the less per scan ($1.00 down to $0.50). For heavy usage, switch to auto-billing — every tier is cheaper than packs, starting at $0.85/scan. No pre-buying, no commitments.

Question 14

How does auto-billing work?

Accepted Answer

Auto-billing means you never run out of scans. Just scan, and get one monthly invoice. Every tier is cheaper than the equivalent pack: $0.85/scan for 1-10, $0.65 for 11-50, $0.50 for 51-100, and $0.40 for 101+. Tiers reset each billing period. Your billing cycle starts on the day you sign up, not the calendar month.

Question 15

Can I switch between credit packs and auto-billing?

Accepted Answer

Yes. You can upgrade to auto-billing from your Account page after purchasing 2 or more credit packs. To switch back to packs, cancel your auto-billing subscription from the billing portal and you'll automatically revert to pack-based billing. Any unused free scans are still available either way.

Question 16

What happens if I cancel auto-billing?

Accepted Answer

You'll be billed for any scans used in the current period, then your account reverts to pack-based billing. Your scan history, reports, and API keys are all preserved. You can still buy credit packs or use your 5 free monthly scans.

Question 17

Why do I get slightly different scores on repeat scans?

Accepted Answer

Security and SEO scores are deterministic — you'll get the same result every time. Performance scores can vary ±5-8 points between runs because Lighthouse measures real browser metrics (TBT, LCP, TTI) that depend on CPU timing and V8 compilation inside the scan container. Accessibility scores may vary ±2-3 points. We use fixed throttling to minimize variance, but some is unavoidable — this is the same variance Google's own PageSpeed Insights shows. If precision matters, run the scan 2-3 times and take the median.

Question 18

Will the Fix with AI prompt fix everything in one go?

Accepted Answer

Usually most of it, but not always everything. The prompt is thorough — it includes every finding, severity, affected elements, and a verification checklist. What you get back depends on the model you use (Claude, ChatGPT, Cursor, Copilot) and the complexity of your codebase. Framework-level fixes (Next.js, Rails, Django) land cleanly. Custom build systems or unusual architectures may need a second pass. After applying fixes, rescan to confirm. Each rescan is cheap — that's the feedback loop: scan → fix with AI → rescan until your score is where you want it.

Privacy Policy

1. Data We Collect

2. How We Use Your Data

3. Cookies

4. Third-Party Services

5. Data Retention

6. Your Rights

7. Security

8. Changes to This Policy

9. Contact