This is a sample report. Scan your own app to get real results in under 60 seconds — free.
F
Security grade
2
Critical
1
High
2
Medium
5
Passed
Findings
Passed checks
✓
HTTPS enforced
All pages served over HTTPS. Valid TLS certificate.
✓
X-Content-Type-Options set
nosniff header present. Prevents MIME-type sniffing attacks.
✓
X-Frame-Options set
DENY header present. Prevents clickjacking via iframes.
✓
Referrer-Policy set
strict-origin-when-cross-origin. Controls referrer header leakage.
✓
No service role key detected
Supabase service_role key not found in public JavaScript.
This was a sample
Is your app exposing the same issues?
Scan your Lovable, Bolt, Cursor, or Replit app free in under 60 seconds. No account. No credit card.