Probes a domain for WebAuthn / passkey signaling on the homepage and common endpoints. Reports detected COSE algorithm IDs (all classical today) and surfaces the FIDO Alliance PQC roadmap migration considerations. Pairs with the PQC Analyzer for the TLS layer.
Read the story behind this tool: Why WebAuthn / Passkey Posture Audit Exists →
Probes /, /.well-known/webauthn, /api/webauthn/options, /webauthn/begin-registration, common Auth0 / Clerk / Stytch / SuperTokens paths. CORS may block deep options-fetch on most apex domains; the audit falls back to HTML signals.