Recon44 is a real-time web security platform that sits between the internet and your website. It inspects every incoming request, blocks malicious traffic at the network edge before it ever reaches your server, and continuously scans your site for vulnerabilities — all from a single dashboard. Setup takes around five minutes and requires nothing more than one DNS record.

Who Recon44 is for

Recon44 is built for teams that need enterprise-grade web protection without a dedicated security engineering team. Whether you run a SaaS product, an e-commerce store, a content platform, or a corporate site, Recon44 gives you visibility and control over every threat targeting your domain.

Real-time threat feed

See every attack — DDoS, SQL Injection, XSS, Brute Force, and scanner activity — as it happens, with IP address, country of origin, and the action Recon44 took.

Edge-level WAF blocking

Malicious requests are blocked across Cloudflare’s global network in under 50ms, before they reach your origin server. Recon44 uses 200+ OWASP Core Rule Set payload patterns — the same standard used by Cloudflare and AWS WAF.

Vulnerability scanning

Automated scans check SSL certificates, security headers, exposed files, open ports, injection vectors, and rate limiting gaps — giving you a prioritized list of issues to fix.

One-click IP management

Block or whitelist any IP address instantly from the dashboard. No config files, no command line, no waiting for a deploy.

Compliance-ready logging

Hash-chained, tamper-proof audit logs support SOC 2 Type II, ISO 27001, PCI DSS, NIST CSF, and MITRE ATT&CK frameworks out of the box on eligible plans.

Alerting and notifications

Receive attack alerts via email, Telegram, or SMS the moment Recon44 detects or mitigates a threat. Configurable per site and per threat type.

How Recon44 fits into your security posture

Recon44 operates as an inline security layer between DNS and your server. Once you point a CNAME record at Recon44, all traffic flows through it automatically. You don’t change your application code, your hosting setup, or your existing infrastructure. This means:
  • Scanning runs independently of your stack — Recon44 probes your site from the outside, the same way an attacker would.
  • WAF inspection happens at the edge on every request, not on your server, so your origin is never exposed to raw attack traffic.
  • Blocking decisions are made in under 50ms using pattern matching against the OWASP Core Rule Set, with no latency penalty for legitimate users.
Recon44 does not require you to install agents, plugins, or SDKs. The entire integration is DNS-based.

Plans at a glance

| Plan       | Sites  | WAF mode            | History   | Alerts               |
|------------|--------|---------------------|-----------|----------------------|
| Free       | 1      | Read-only (monitor) | 7 days    |                      |
| Pro        | 1      | Active blocking     | 30 days   | Email                |
| Business   | 1      | Active blocking     | 90 days   | Email, Telegram, SMS |
| Scale      | 5      | Active blocking     | Unlimited | Email, Telegram, SMS |
| Enterprise | Custom | Active blocking     | Unlimited | Custom               |

Start on the Free plan to explore the dashboard and review your first scan results. Upgrade to Pro whenever you’re ready to enable active blocking.

Next steps

Get started

Create your account, add a site, and run your first vulnerability scan in under 5 minutes.

Set up DNS

Add a CNAME record to route live traffic through Recon44’s inspection layer.

How the WAF works

Understand how Recon44 inspects and blocks requests in real time.

Compare plans

Find the right plan for your site count, retention needs, and compliance requirements.