AuditCore
Live SVG · auto-updates

Embeddable security badge for your site.

Show visitors your site is continuously audited. The badge updates automatically as new scans complete — green for clean, yellow/orange/red as severity climbs. One line of Markdown, no JS, no external CSS, no telemetry on your visitors.

Live preview · example.com
AuditCore badge for example.com: /api/v1/public/badge/example.com


Copy-paste snippets

Markdown
README files, Notion, GitHub/GitLab, blog posts, Docusaurus
[![AuditCore](https://audit-core.tech/api/v1/public/badge/example.com)](https://audit-core.tech)
HTML
Any website, plain HTML, WordPress, Webflow, Framer
<a href="https://audit-core.tech" target="_blank" rel="noopener">
  <img src="https://audit-core.tech/api/v1/public/badge/example.com" alt="AuditCore security audit" />
</a>
BBCode (forums)
phpBB / vBulletin / older community forums
[url=https://audit-core.tech][img]https://audit-core.tech/api/v1/public/badge/example.com[/img][/url]
reStructuredText
Sphinx documentation, ReadTheDocs
.. image:: https://audit-core.tech/api/v1/public/badge/example.com
   :alt: AuditCore
   :target: https://audit-core.tech

What the colors mean

AuditCore: secure

No findings — clean scan. The badge a security-conscious blog/OSS maintainer wants to show.

AuditCore: N issues

Low + medium severity only. Worth fixing but not urgent.

AuditCore: N high

High severity findings present. Address within a sprint.

AuditCore: N critical

Critical findings. Fix today — these are the patterns active attackers exploit.

AuditCore: not scanned

No completed scan for this domain yet. Run one to populate the badge.

FAQ

Does the badge track my visitors?

No. The SVG is served directly from audit-core.tech — your visitor's browser fetches one image, no JS, no cookies, no fingerprinting, no third-party trackers loaded. Standard <img> behavior only. If they click through, that hit lands on our site (and we use our own access logs there), but the badge itself is privacy-clean.

How often does the badge update?

Cached server-side for ~1 hour. After you run a fresh scan, the new color/count is visible within 60 minutes on any site embedding the badge. The Cache-Control header is set so reverse-proxies (Cloudflare etc.) don't over-cache.

Will the badge slow down my page?

Negligibly. The SVG is ~1-2 KB, served from Cloudflare's edge, no JavaScript, no blocking rendering. Lighthouse won't notice it.

Can I embed without linking back to AuditCore?

Technically yes — just use the <img> tag without the wrapping <a>. We'd appreciate the backlink (it's how this thing pays for itself), but we don't enforce it. The badge keeps working.

What if I haven't run a scan yet?

The badge shows 'AuditCore: not scanned' in gray. Once you run a scan (free tier works), the badge auto-flips to the actual status within an hour.

Does it work for subdomains?

Yes — pass the full hostname: /api/v1/public/badge/app.yourdomain.com. Each subdomain has its own scan state.

Can I host the badge SVG on my CDN?

You could cache it, but then it stops auto-updating. The whole point is that 'continuously audited' is verifiable in real-time by anyone who clicks the SVG URL. Self-hosting defeats that signal.

Run your first scan, then embed the badge.

Free 1-page audit, no card. The badge auto-populates the moment your scan completes.