VibeShield Lite — passive public website security scanner
Paste a public URL and get a passive security snapshot. VibeShield Lite reads the same signals a browser and a careful reviewer would — security headers, transport security, cookies, CORS, exposed files, and email/DNS posture — and reports what is weak and how to fix it. It never exploits, brute-forces, or attacks the target.
What it checks
- Security headers — CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and cross-origin isolation.
- HTTPS / TLS — certificate validity, TLS version, HTTP-to-HTTPS redirect, and HSTS posture.
- Cookies — HttpOnly, Secure, and SameSite flags on the cookies the site sets.
- CORS policy — overly permissive Access-Control-Allow-Origin and related misconfigurations.
- Information exposure — source maps, exposed files, error-page leakage, and missing security.txt.
- Frontend security — inline scripts without nonce/hash and third-party scripts missing integrity (SRI).
- DNS / email — SPF, DKIM, DMARC, DNSSEC, and CAA signals.
What it does not do
VibeShield Lite is passive and public only. It does not run SQL injection or XSS attacks, does not brute-force or test credentials, does not bypass authentication or bot protection, and does not touch private or login-protected areas. Use it only for websites you own or are authorized to review.
Who it is for
Founders, small businesses, freelancers, and agencies who want a quick, honest read on a website's security posture and a clear, prioritized list of fixes.
FAQ
- What is VibeShield Lite?
  A free tool that runs a passive, public security snapshot of a website and reports issues in its security headers, HTTPS/TLS setup, cookies, CORS policy, exposed files, frontend scripts, and DNS/email posture.
- What does it check?
  Security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy), HTTPS/TLS and certificate posture, cookie flags, CORS policy, source map and information exposure, third-party frontend script risk, and SPF/DKIM/DMARC/DNSSEC email and DNS signals.
- Is it safe and legal to use?
  It performs passive, public checks only. It does not exploit, brute-force, bypass authentication, or send attack traffic to the target. Use it only for websites you own or are authorized to review.
- Does it store my report?
  The scan fetches the public URL you submit and returns a report you can read, copy, or download. It is a diagnostic, not a data-collection tool.
- How is this different from the Discovery Readiness Scanner?
  The Discovery Readiness Scanner measures whether a site can be found, understood, and acted on by search, AI, and agents. VibeShield Lite measures whether the site is technically safe and trustworthy — headers, transport, cookies, and exposure.
- Can Koray fix the issues it finds?
  Yes. Send the report and Koray can prepare a fixed-price security and website trust improvement plan.
Contact: darmadagan@hotmail.com · Upwork · LinkedIn · GitHub · X