WADE learns what normal looks like — then watches for suspicious change.
WADE fingerprints your website over time and helps identify new scripts, changed code, unfamiliar domains, form changes, header regressions, and suspicious drift from your known-good baseline.
The difference between a scanner and WADE
Before WADE
No memory. No comparison. No history.
WADE added
With WADE
Baseline compared. Drift caught. Alert raised.
Security intelligence that remembers
WADE isn't a one-time scan result. It's a layer that builds understanding of your site over time and alerts on meaningful deviations.
Behavioral Fingerprinting
On first scan, WADE captures a comprehensive snapshot: every script, external domain, form, header, cookie, and structural DOM signature.
Scan-over-Scan Comparison
Each subsequent scan is compared against the stored baseline. WADE looks for what appeared, disappeared, or changed.
Anomaly Scoring
Changes are scored for significance. CDN cache drift, minor text changes, and version bumps are filtered out from genuine security signals.
Confidence-Scored Alerts
Only changes that cross the confidence threshold generate findings — new script domains, modified form targets, structural DOM shifts.
WADE requires at least 2 scans to detect anomalies.
The first scan establishes the baseline. Every subsequent scan compares against it.
From baseline to alert
See how WADE builds awareness over time and surfaces changes that matter.
First scan — fingerprint established
Baseline createdWADE records scripts, external domains, forms, headers, and DOM structure. This becomes your known-good baseline.
Regular scan — no changes detected
Clean scanSite matches baseline. Anomaly score remains low. Minor CDN cache variations are filtered automatically.
External script from unfamiliar domain appears
New script domainA new JavaScript file loaded from a domain not present in the baseline. WADE logs the domain and raises a LOW confidence finding.
Checkout form action URL changed
Form changeThe payment form now posts to a different endpoint than the baseline recorded. WADE flags this as a MEDIUM severity anomaly.
Multiple anomalies — security review triggered
WADE alertCombined anomaly score exceeds threshold. New inline script hash, changed form target, and an unfamiliar domain together warrant immediate review.
What WADE watches between scans
Eight categories of change that WADE compares across every scan pair.
New third-party domains
Domains not present in your baseline that your site now contacts for scripts, fonts, or API calls.
External script changes
Script files loaded from external CDNs or domains that changed path, version, or source entirely.
Inline script hash changes
Inline <script> blocks whose content changed between scans — a common indicator of injection attacks.
Form and action changes
HTML form action URLs that changed destination — especially relevant for checkout and login forms.
Security header regressions
Headers that were present in baseline scans but have disappeared or weakened in recent scans.
Cookie flag regressions
Cookies that lost their Secure, HttpOnly, or SameSite attributes between scans.
Page status changes
Pages that changed HTTP status codes — especially previously private paths becoming public.
Sensitive path changes
Newly discovered sensitive paths or previously probed paths that changed their response behavior.
The threats that only change detection catches
Most attacks on live websites don't come from zero-days — they come from changes introduced silently after your last security review.
Payment skimmers
JavaScript card skimmers are injected scripts on checkout pages that blend into existing content — invisible without baseline comparison.
Injected JavaScript
Malicious scripts added after deployment don't appear in a previous scan. Only WADE's comparison surfaces them.
Supply chain compromises
A plugin update or third-party SDK change can introduce malicious code that runs on your site without your knowledge.
Accidental security regressions
Deploys that silently remove CSP headers, weaken cookie flags, or expose debug endpoints are caught on the next comparison scan.
WADE vs a traditional security scanner
Traditional scanners and WADE are complementary — WebHound uses both.
Where WADE is heading
WADE is designed to evolve toward smarter, more adaptive anomaly intelligence. The following capabilities are on our roadmap — not yet available in all plans.
WADE Intelligence — Future Roadmap
These are planned directions, not current features.
- 1
Smarter anomaly classification that learns from your site's normal change patterns over time.
- 2
Adaptive confidence thresholds that adjust to your site's deployment cadence and traffic.
- 3
Targeted deeper checks triggered automatically when high-risk anomalies are detected.
- 4
Historical behavior trends and anomaly score charts across your entire scan history.
- 5
AI-assisted finding explanations that describe why a specific change should concern you.
WebHound is built iteratively. The current version of WADE provides baseline comparison, anomaly scoring, and confidence-based alerts.
Start building your website security baseline.
Your first scan creates the baseline. Every scan after that, WADE is watching. Free to start — no installation required.