Transport
HTTPS enforcement, redirects, and strict transport protections.
SECURITY PREFLIGHT FOR RAPIDLY BUILT APPS
A safe, explainable website security preflight for apps built with ChatGPT, Gemini, Replit, Base44, and modern development tools.
HTTPS enforcement, redirects, and strict transport protections.
Content security, framing, MIME handling, and cross-origin isolation.
Secure, HttpOnly, and SameSite attributes when observable.
Referrer, permissions, and server-information disclosure signals.
BUILT FOR ACTION
Each issue includes severity, why it matters, and implementation-ready guidance. Filter the report, copy fixes, or export it for your developer.
Private networks, credentials, custom ports, and literal IP addresses are rejected.
We inspect observable protections without crawling, signing in, or following redirects.
Export Markdown or JSON to document work and share with your team.
DEVELOPER MODE
The open-source CLI scans local projects for exposed secrets, unsafe code execution, insecure cookies, wildcard CORS, debug mode, and other common rapid-development mistakes without executing project code.
We inspect one public HTTPS response and its observable headers. We do not exploit vulnerabilities, crawl pages, follow redirects, scan ports, bypass authentication, inspect private systems, review source code from the website scan, check dependencies, or prove that a site is secure.