SafeCheck

Security Scanning for Supabase Apps

Quick, affordable, and comprehensive security scans for your website.

> Building with AI? Scan for common security mistakes LLMs make in generated code

Scan Your Website

Enter your website URL to run a free security scan.

Fast & Simple

Get security results with our free basic scan. Upgrade for a comprehensive analysis with our full report.

One-Time Payment

No subscriptions or recurring bills. Just pay per scan when you need one.

Security Insights

Identify important security issues in your website to improve your overall security posture.

Our Comprehensive Security Scan

SSL/TLS Security

We check for certificate expiration, protocol versions, and redirection configurations.

  • Certificate expiration detection
  • Weak protocol versions detection
  • Insecure redirection
  • HSTS header presence

Security Headers

We check for the presence and configuration of HTTP security headers.

  • Content Security Policy checks
  • X-Frame-Options configuration
  • X-Content-Type-Options checks
  • Strict-Transport-Security setting
  • X-XSS-Protection header
  • Referrer-Policy configuration

Cookie Security

We examine cookie attributes and configurations in HTTP responses.

  • Secure flag detection
  • HttpOnly flag detection
  • SameSite attribute analysis
  • Cookie scope evaluation
  • Cookie prefix examination

Exposed Files

We scan for common files that should be protected from public access.

  • .env file public access
  • .git repository file access
  • Configuration file exposure
  • Backup file discovery
  • Server information exposure
  • Directory listing detection

OWASP Vulnerabilities

We examine your website for indicators of common security issues.

  • Potential cross-site scripting (XSS)
  • CSRF token presence in forms
  • SQL injection indicators
  • Cookie security configuration
  • Clickjacking protection
  • JavaScript library version checks

Exposed Secrets

We look for patterns that match credentials in client-accessible code.

  • API key pattern matching
  • Credential-string identification
  • Password leakage from HTML forms
  • Private key detection
  • JWT token presence
  • Database connection matching
  • Environment variable exposure

WordPress Security

For WordPress sites, we check specific WordPress security configurations.

  • WordPress version disclosure
  • Known vulnerable plugin detection
  • User enumeration possibilities
  • XML-RPC endpoint security
  • Debug log file exposure
  • Information file exposure

Supabase Security

We identify Supabase implementations and check for common risks.

  • Anon key exposure check
  • Row-level security indicators
  • Function invocation security
  • Access control indicators
  • Database connection pattern detection

Stripe Integration

We check for secure Stripe implementation patterns.

  • API key pattern detection
  • HTTPS on payment forms check
  • Client-side validation code smells
  • Test key detection in production

API Security

We examine API response headers for important security flags.

  • CORS misconfiguration detection
  • Rate limiting header presence
  • Authentication header checks
  • Retry-After header checks
  • Security-related API headers

Frequently Asked Questions