Skip to content
TaskBounty

Free instant scan

See what your app leaks to any visitor

Paste your app URL. We read only what a browser already downloads and check your database access from the outside, then show you exactly what is exposed. No login, no writes, free.

Email me the full report (optional)

Read-only: the scan reads only what a browser already downloads and checks your database access from the outside. It never writes data, never logs in, and only runs on apps you confirm you control.

What the instant scan looks for

  • Exposed Supabase / Stripe / OpenAI / AWS keys in the browser bundle
  • Open Supabase or Firebase databases your public key can read
  • Reachable .env, .git, and source-map files
  • Missing HTTPS, weak headers, and dangerous CORS

JavaScript and TypeScript apps today. The instant scan is passive and outside-in; a deeper authenticated review (access-control / IDOR) is available on request.