Pricing, costs, and traffic

There is no charge for using Web Security Scanner. However, using Web Security Scanner impacts App Engine instance quota limits, bandwidth (traffic) charges, and quotas for API calls to App Engine services, such as mail, search, and so on. The actual amount of traffic generated from a scan depends on the application and the number of URLs, event handlers, forms, and parameters.

Web Security Scanner is optimized to keep traffic to a minimum. By default, the scan rate is throttled to approximately 15 queries per second (QPS), with slight variations in the rate due to the asynchronous nature of many web applications. Currently, a large scan stops after 100,000 test requests, not including requests related to site crawling. Site crawling requests are not capped.