Choose Your Hub

Three specialized hubs for web exposure management. Pick the one that fits your priority, or combine them all.

Security Hub icon for web security monitoring and threat detection

Security Hub

Continuous website execution monitoring.

Detects Magecart, supply chain attacks, and AI-generated threats right where they happen, in the user’s browser. No code changes, live within one business day.

Privacy Hub icon for website privacy compliance enforcement

Privacy Hub

Runtime web privacy assurance

Verifies consent is actually enforced in the browser, not just configured. Supports GDPR, CCPA, HIPAA, PIPEDA, and GPC. Works alongside your CMP; it doesn’t replace it.

Offensive Hub

Agentic continuous web penetration testing.

Guaranteed coverage — not best effort. Every endpoint, every attack category, every run. Built for production apps with authentication, business logic, and real-world complexity.

PCI Module

Remote, agentless PCI DSS 4.0.1 compliance for requirements 6.4.3 and 11.6.1

Zero audit observations across every published customer case study. Available standalone or as part of Security Hub.

Explore Reflectiz Hubs

Security Hub

Continuous website execution monitoring.

Detects Magecart, supply chain attacks, and AI-generated threats right where they happen, in the user’s browser. No code changes, live within one business day.

Standard

Detect · Alert
Respond Best for:
High third-party volume sites that need to detect and respond, not just observe.
  • Behavioral execution analysis 
& smart alerts
  • Security baseline with AI auto-approvals
  • AI chat assistant & deobfuscation
  • On-demand script blocking
  • REST API / SIEM integration
  • Post-authentication flow monitoring

Professional

Expose · Prioritize
Govern Best for:
Multi-site portfolios needing prioritization and executive visibility
  • Everything in Standard
  • Exposure Rating (A–F, peer-benchmarked)
  • Centralized security policies
  • Consolidated estate-wide view
  • Executive reports & shareable exports
  • Dedicated Customer Success partner

Enterprise

Customize · Integrate
Control Best for:
Multiple teams, strict access, formal governance, SOC & GRC integration
  • Everything in Professional
  • SSO & enterprise identity controls
  • Advanced permissions & RBAC
  • Custom workflows, policies & escalations
  • Deep integrations & custom data access
  • Auditability & investigation-ready history

Privacy Hub

Runtime web privacy assurance

Verifies consent is actually enforced in the browser, not just configured. Supports GDPR, CCPA, HIPAA, PIPEDA, and GPC. Works alongside your CMP; it doesn’t replace it.

Standard

Up to 10 websites
Best for:
Privacy teams needing runtime visibility into tracker behavior and data flows
  • Full application & domain inventory
  • Mapped data flows & tracker behavior analysis
  • AI remediation assistant & smart alerts
  • REST API & Slack integration
  • Weekly reports

Professional

Up to 50 websites
Best for:
Enterprise privacy programs managing multi-site compliance obligations
  • Everything in Standard
  • OneTrust integration
  • Privacy Rating (peer benchmarked)
  • Executive reports & privacy policy settings
  • Consolidated view across all properties
  • Dedicated Customer Success partner

Add-ons

Available on both tiers
  • Consent Dashboard Validates real-time tracker behavior against user consent choices
  • HIPAA Dashboard Specialized monitoring for healthcare web properties handling PHI

Offensive Hub

Agentic continuous web penetration testing.

Guaranteed coverage — not best effort. Every endpoint, every attack category, every run. Built for production apps with authentication, business logic, and real-world complexity.

Standard

Continuous baseline pentesting
Best for:
Continuous testing across production and pre-production environments
  • Multiple testing agents
  • Scheduled & release-based testing
  • Formal PDF reports with reproduction steps 
& evidence
  • REST API & CI/CD integration
  • Slack alerts for high-severity findings

Professional

Complete governance
Best for:
Large AppSec teams managing multi-app portfolios with formal governance requirements
  • Everything in Standard
  • Portfolio-wide policies & consolidated visibility
  • Executive reporting & SLAs
  • OneTrust / GRC integration
  • Full Security Hub integration

Free Evaluation Credits

See the product first
Best for:
Teams evaluating agentic pentesting before committing
  • Credits for ~3 full test runs
  • One configured testing agent
  • Full access to the testing platform

PCI Module

Remote, agentless PCI DSS 4.0.1 compliance for requirements 6.4.3 and 11.6.1

Zero audit observations across every published customer case study. Available standalone or as part of Security Hub.

Agentless PCI DSS Module

Best for:
Merchants needing audit-ready compliance without code changes or developer involvement
  • Continuous payment page script monitoring
  • iFrame & 4th-party script detection
  • AI-assisted business justifications
  • Smart Approval — define once, auto-approve at scale
  • Real-time HTTP header change detection (11.6.1)
  • One-click QSA evidence export
  • Full-site coverage beyond the payment page
  • Bulk Approval across multiple sites in one action
  • Aggregated multi-site compliance report
  • Custom workflows & escalations
  • Dedicated compliance success support