Google Cloud Armor defends against DDoS and web attacks — PageGuard monitors what users actually experience: accessibility compliance, Core Web Vitals, and SEO health.
Scan Your Website Free →💡 Tip: Use both — Cloud Armor for infrastructure security, PageGuard for front-end quality and ADA compliance. They solve entirely different problems.
PageGuard vs Google Cloud Armor — what each tool actually does
| Feature | PageGuard | Google Cloud Armor |
|---|---|---|
| What is it? | External website health monitor — scans any deployed URL for performance, accessibility, SEO, and best practices | Google Cloud Armor is a distributed denial-of-service (DDoS) defense and web application firewall (WAF) service from Google Cloud that protects applications and services exposed through Google Cloud Load Balancing; Cloud Armor uses security policies with preconfigured WAF rules (based on OWASP CRS), custom match rules (IP/CIDR-based, geo-based, HTTP header, URL path, request body), rate-based ban rules, and Google Threat Intelligence IP reputation data to block SQL injection, XSS, LFI, RFI, remote code execution, and bot abuse at the Google network edge across 100+ points of presence worldwide; Cloud Armor includes Adaptive Protection, an ML-based DDoS detection system that automatically generates suggested rules in response to traffic anomalies; Cloud Armor has no WCAG accessibility auditing, Core Web Vitals measurement, or SEO checking capability |
| Free tier | Yes — unlimited one-off scans, no signup required | No free tier — Google Cloud Armor is priced per security policy ($5/month per policy), per rule beyond the first 5 ($1/month per rule), per million requests ($0.75 for Cloud Armor Standard), and Adaptive Protection is included in the Managed Protection Plus subscription ($3,000/month); Cloud Armor Enterprise (formerly Managed Protection Plus) adds DDoS attack visibility, advanced threat intelligence, and DDoS response support at the enterprise subscription price; none of Cloud Armor's pricing tiers include accessibility auditing, Core Web Vitals scoring, or technical SEO analysis |
| Accessibility audit (WCAG / ADA) | Yes — WCAG 2.1 AA scored 0–100 with specific issue list | No — Google Cloud Armor is a network security service with no WCAG compliance checking capability; Cloud Armor security policies inspect incoming HTTP/HTTPS requests for attack signatures at the Google network edge — they do not analyze the HTML content delivered to end users; a site fully protected by Cloud Armor can still fail WCAG 2.1 AA with missing alt text (WCAG 1.1.1), insufficient color contrast (WCAG 1.4.3), broken keyboard navigation (WCAG 2.1.1), missing form labels (WCAG 1.3.1), and missing ARIA landmark roles — none of these are detectable by Cloud Armor's inspection layer |
| Core Web Vitals | Yes — LCP, CLS, FCP, TBT, Speed Index, TTI measured per scan | No — Google Cloud Armor does not measure or expose Core Web Vitals; while Google Cloud Armor is built on the same global infrastructure as Google Search and uses Google's network for DDoS mitigation, it does not have a Core Web Vitals monitoring capability; Cloud Armor's Cloud Logging metrics track allowed/denied requests, policy match rates, and rule preview counts — there is no LCP, CLS, FCP, or Lighthouse performance score; notably, Google's own Google Search Console provides Core Web Vitals data for real users, but that is a separate product entirely unrelated to Cloud Armor |
| SEO audit | Yes — meta tags, Open Graph, canonical URLs, structured data, hreflang, robots.txt compliance checked | No — Google Cloud Armor does not perform SEO audits; a specific irony is that Cloud Armor security policies can inadvertently block Googlebot — Google's own web crawler — if custom deny rules or rate-based bans match Googlebot's IP ranges or request patterns; while Cloud Armor's preconfigured rules include a Google reCAPTCHA bot management integration, Googlebot crawl rate impacts from WAF policy changes are not surfaced in Cloud Armor dashboards; PageGuard's SEO monitoring checks crawlability signals on every scan and can detect indexation issues caused by aggressive Cloud Armor policies |
| Performance score (0–100) | Yes — Lighthouse-powered composite score updated on every scan | No — Google Cloud Armor provides no Lighthouse-style performance score; Cloud Armor's Cloud Monitoring dashboards show request counts, policy match distributions, blocked request rates, and Adaptive Protection alert timelines — it does not provide a 0–100 performance score, Time to Interactive, First Contentful Paint, or any Lighthouse audit category breakdown |
| Best practices check | Yes — HTTPS, HTTP/2, deprecated APIs, console errors, safe browsing flagged | Partial — Google Cloud Armor enforces HTTPS when the backend load balancer is configured for SSL termination, and Cloud Armor's bot management integration with Google reCAPTCHA Enterprise helps prevent automated abuse; however Cloud Armor does not report on deprecated JavaScript APIs, browser console errors, HTTP/2 or HTTP/3 adoption (handled at Cloud Load Balancing level), mixed content warnings in HTML, or Lighthouse Best Practices audit items |
| DDoS protection | No | Yes — Google Cloud Armor provides industry-leading DDoS protection leveraging Google's global network infrastructure; Cloud Armor Standard provides always-on volumetric DDoS mitigation at Google's network edge (protecting against UDP floods, SYN floods, reflection attacks at the L3/L4 level) for no additional charge beyond request processing fees; Cloud Armor Adaptive Protection uses ML to detect and automatically generate mitigation rules for L7 application-layer DDoS attacks; Cloud Armor Enterprise adds guaranteed DDoS attack visibility, 24/7 DRT (DDoS Response Team) access, and SLA-backed protection commitments |
| Web Application Firewall (WAF) | No — PageGuard is a monitoring tool, not a security layer | Yes — Google Cloud Armor includes a fully managed WAF with preconfigured rule sets covering OWASP CRS (SQL injection, XSS, local file inclusion, remote file inclusion, remote code execution, scanner detection, PHP injection, session fixation, protocol attack, multiword attack); custom rules support CEL-based expressions (evaluateEnvironment, origin.region_code, request.path, request.method, request.headers, request.body); rate-based ban rules can automatically block IPs exceeding configurable thresholds per minute; bot management integrates with Google reCAPTCHA Enterprise to challenge suspicious traffic with adaptive challenges; named IP lists use Google Threat Intelligence for instant blocking of known malicious IP ranges |
| Google Cloud ecosystem integration | No — PageGuard is a standalone external scanner, not a Google Cloud service | Yes — Google Cloud Armor is natively integrated with Google Cloud Platform: attaches to global, regional, and internal HTTP(S) load balancers and Google Cloud CDN with a few clicks in the Google Cloud Console or via Terraform; security policy logs export to Cloud Logging with BigQuery and Pub/Sub export; integrates with Cloud Monitoring for alert policies and dashboards; supports Cloud IAM for granular access control; Adaptive Protection integrates with Cloud Armor policies for one-click rule activation; supports Google Cloud Armor Edge Security Policies for Cloud CDN and Media CDN backends |
| ML-based threat detection | No — PageGuard does not apply security threat intelligence | Yes — Google Cloud Armor Adaptive Protection is a machine learning system that baselines normal traffic patterns for each protected backend service and automatically detects volumetric DDoS attacks and application-layer anomalies; when Adaptive Protection identifies an attack, it generates a suggested Cloud Armor rule with the specific match conditions, action, and priority to mitigate the attack; operators can preview and deploy suggested rules directly from the Cloud Console; Adaptive Protection has been validated against attacks exceeding 46 million requests per second (the largest DDoS attack in history at time of disclosure) |
| ADA compliance alerts | Yes — automated alerts when accessibility score drops below threshold; ADA Title II urgency tracking | No — Google Cloud Armor has no capability to monitor WCAG accessibility score changes or alert on ADA compliance degradation; Cloud Monitoring alerts for Cloud Armor cover security events such as blocked request rate spikes, Adaptive Protection attack alerts, and rule preview match rates — it cannot detect accessibility regressions caused by CMS updates, theme changes, or new content introducing missing alt text or broken ARIA implementations |
| Primary use case | Monitor and improve website quality — accessibility compliance, performance, SEO health, best practices | Protect Google Cloud-hosted web applications and APIs from DDoS attacks, OWASP Top 10 vulnerabilities, SQL injection, XSS, and bot abuse using Google's global network infrastructure and ML-based Adaptive Protection |
Free WCAG audit, Core Web Vitals, SEO check — no signup needed. See your score in 30 seconds.
Works on any website — WordPress, Shopify, Next.js, custom builds