Foundational security assessment covering HTTP security headers, transport security configuration, and basic security hygiene to protect against common web attacks.
Total Checks: 21
Delivery Formats: 3
Categories: 3
Versions: 6
Included
Never included
2026-04-13: Tier change: free → paid as part of v2.0 Slop Detector pricing reset (Stack Scan remains the only free audit).
2026-04-02: Quality hardening: added counting/enumeration to 7 checks (cookies, SRI, CORS, env, dependencies), numeric thresholds for HSTS max-age/dependency age/permissions-policy, expanded 7 short pass criteria with specific conditions, added 4 cross-references to related audits, added quoting instructions to 2 checks (secrets, error pages), added negative guardrails to 3 checks (HSTS, CSP, secrets), added measurement-on-pass to 2 checks (HSTS, dependencies)
2026-03-01: Added Step 3 submission instructions to chunked format; improved Step 3 in full format (paste URL is now primary submission method)
2026-02-27: Adversarial testing improvements: tighten check criteria, fix ambiguous pass/fail boundaries, improve skip criteria cross-references, enhance remediation guidance
2026-02-23: Hardened curl commands with -sS -L flags for redirect following and error visibility. Added response validation guidance to Step 3.
2026-02-20: Initial release
Picked by pack overlap with this audit.
Deep inspection of environment variable handling, secrets storage patterns, and runtime configuration security.
Advanced security header configuration quality — evaluates whether headers are configured correctly, not just present. Sequel to Security Headers & Basics.
Data handling assessment across the AI processing pipeline, covering storage, retention, PII protection, and user control over third-party model data sharing.
Safety assessment against prompt injection attacks, identifying vulnerabilities where untrusted user input might cause the AI to ignore instructions or exfiltrate data.
Comprehensive security audit for REST and GraphQL APIs, covering authentication, authorization, input validation, and protection against OWASP API Top 10 threats.