Feature
The free scan runs 170+ automated checks and gives you a score. The deep assessment goes further. It adds an AI-powered analysis layer that examines your application from the inside out.
We don't just check your headers. We download your JavaScript bundles and search for exposed API keys, system prompts, and configuration secrets. We check if source maps are publicly accessible. If they are, your entire source code is readable by anyone with a browser.
We compare what your trust page claims against what we can actually observe. If you claim SOC 2 but your DMARC is set to none and tracking fires before consent, we document the gap. Not speculation. Observable evidence.
Each scan is analyzed individually. Not pattern-matched against a database of known issues. The analysis follows leads, connecting discoveries across different checks. An exposed source map might reveal an internal API endpoint. That endpoint might respond without authentication. That combination is more significant than either finding alone.
This is why the deep assessment finds things that automated scanners miss. It doesn't just check a list. It investigates.
Every finding includes exactly what to fix and how. Not "improve your security headers." Specific, actionable steps. For publicly accessible source maps served by nginx, for example:
location ~* \.map$ { return 403; }
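A pre-deploy counterpart to the source map check described above, written as an added example and not the product's own code: it looks for a sourceMappingURL reference in a built bundle and reports whether the referenced map embeds original source files. The function name, finding labels and the sample bundle and map are constructed for illustration.

```python
import json
import re

# Trailing comment that bundlers emit to point the browser at a source map.
SOURCE_MAP_REF = re.compile(r"//[#@]\s*sourceMappingURL=(\S+)\s*$", re.MULTILINE)

# Constructed sample build output (not taken from any real application).
SAMPLE_BUNDLE = 'fetch("/internal/v1/users");\n//# sourceMappingURL=app.js.map\n'
SAMPLE_MAP = json.dumps({
    "version": 3,
    "sources": ["src/api/client.ts", "node_modules/lib/index.js"],
    "sourcesContent": ["export const BASE = '/internal/v1';", None],
    "names": [],
    "mappings": "AAAA",
})


def audit_bundle(bundle_js, maps):
    """Return (label, detail) findings for one bundle.

    `maps` is a dict of map file name -> JSON text, i.e. the .map files
    that would be published next to the bundle.
    """
    findings = []
    for ref in SOURCE_MAP_REF.findall(bundle_js):
        if ref.startswith("data:"):
            # Inline maps ship inside the bundle; a web server rule cannot block them.
            findings.append(("inline-source-map", "map embedded in bundle"))
            continue
        name = ref.rsplit("/", 1)[-1]
        if name not in maps:
            # Reference only; the map itself is not part of this build output.
            findings.append(("dangling-map-reference", name))
            continue
        doc = json.loads(maps[name])
        sources = doc.get("sources", [])
        contents = doc.get("sourcesContent") or []
        # sourcesContent entries may be null; only non-empty ones expose code.
        embedded = [s for s, c in zip(sources, contents) if c]
        if embedded:
            findings.append(("map-embeds-original-source", ", ".join(embedded)))
        else:
            findings.append(("map-lists-source-paths", ", ".join(sources)))
    return findings


if __name__ == "__main__":
    for label, detail in audit_bundle(SAMPLE_BUNDLE, {"app.js.map": SAMPLE_MAP}):
        print(f"{label}: {detail}")
```

An inline-source-map finding needs a build configuration change, since the map travels inside the bundle and a rule that blocks `.map` requests does not cover it.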