SecureCheck AI Web Scanner

Tracking since May 20, 2026.

Changelog

• Jun 8, 2026
  description

  SecureCheck is a browser extension that scans websites for security 
  vulnerabilities. It is designed for developers who build websites 
  using AI-assisted tools and may not have a background in security.
  
  HOW IT WORKS
  
  Open the extension on any website and click Scan. SecureCheck 
  performs a local analysis covering four areas: HTTP security 
  headers, exposed sensitive files and endpoints, cookie security 
  attributes, and front-end source code. Results are displayed 
  immediately with severity ratings and fix recommendations.
  
  For each issue found, SecureCheck generates a ready-to-use prompt 
  that you can copy and paste directly into an AI assistant such as 
  ChatGPT or Claude to receive step-by-step fix instructions.
  
  WHAT IT CHECKS
  
  HTTP Security Headers: Strict-Transport-Security, 
  Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, 
  Referrer-Policy, Permissions-Policy, and others.
  
  Exposed Files and Endpoints: .env files, .git directories, API 
  documentation pages, admin panels, and other commonly exposed paths.
  
  Cookie Security: HttpOnly, Secure, and SameSite attributes on 
  all cookies set by the site.
  
  Source Code Analysis: Hardcoded API keys and secrets left exposed 
  in front-end code. Also detects unsafe coding patterns such as 
  direct DOM injection and dynamic code execution.
  
  PRIVACY
  
  All scanning is performed locally within your browser. No page 
  content, scan results, URLs, or personal data are ever transmitted 
  to any external server. The extension does not collect analytics 
  or usage data of any kind.
  
  PERMISSIONS
  
  activeTab and tabs: To identify the current page being scanned.
  scripting: To run the source code scanner on the current page.
  storage: To save your language preference and scan history locally.
  cookies (optional): To check cookie security attributes on the 
  site you are scanning. Requested only when you initiate a scan 
  and removed immediately after the scan completes.
  Host permission (optional): To fetch HTTP response headers from 
  the site you are scanning. Requested only for the current site 
  at scan time and removed after the scan completes.
  
  PRICING
  
  The extension includes 20 free scans. Unlimited access is 
  available as a one-time purchase of USD 20 with no subscription. 
  A license key is provided upon purchase and can be entered 
  directly in the extension to unlock unlimited use.
  
  COMPLIANCE REFERENCE
  
  Checks are based on OWASP Top 10 and CWE standards. The 
  extension covers 30 passively detectable vulnerability checks. 
  Back-end logic vulnerabilities require manual code review and 
  are outside the scope of this tool.

  SecureCheck AI Web Scanner helps people who build websites with AI review common browser-visible security risks before launch.
  
  Many AI-built websites look finished on the surface but may still expose risky frontend patterns, missing security headers, exposed files, weak cookie settings, mixed content, unsafe DOM usage, secret-like values in client-side code, localStorage token usage, eval usage, or external scripts without Subresource Integrity.
  
  SecureCheck AI Web Scanner gives users a practical first-pass review directly from the browser. After the user opens a website and starts a scan, the extension checks the active site and shows a plain-language report inside the popup.
  
  For each finding, the extension explains:
  - What was detected
  - Why it may matter
  - The affected browser-visible evidence
  - A copy-ready remediation prompt that can be pasted into an AI coding assistant
  
  Users should install SecureCheck AI Web Scanner if they want a lightweight way to review AI-built websites before shipping, especially when they need security guidance that is understandable and actionable without running a full security audit.
  
  How the extension works:
  - The user chooses the website by opening it in the active tab
  - The user starts the scan manually
  - The extension requests permissions only for the selected scan target when needed
  - The scan runs locally in the browser
  - The report is displayed in the extension popup
  - The user can copy remediation prompts and decide what to fix
  
  SecureCheck AI Web Scanner is passive. It does not modify the scanned website, exploit vulnerabilities, attack systems, submit forms, crawl private areas, or run background scans.
  
  Privacy and data handling:
  - No backend server
  - No account required
  - No analytics
  - No ads
  - No tracking pixels
  - No telemetry
  - No sale or sharing of user data
  - Scan results are kept in memory only during the extension session
  - Cookie values are not displayed, stored, or transmitted
  - Network requests are sent only to the website being scanned
  
  SecureCheck AI Web Scanner is a first-pass browser-visible review tool. It does not replace a professional security audit, backend code review, dependency audit, or penetration test.

• Jun 8, 2026
  name

  SecureCheck — Website Security Scanner

  SecureCheck AI Web Scanner

• Jun 8, 2026
  host_permissions

  https://api.gumroad.com/*

  (empty)

• Jun 8, 2026
  short_description

  Built for Vibe Coders: scan the site you just shipped for security holes and get AI fix prompts — no security knowledge needed.

  Free scanner for AI-built websites: find browser-visible security risks and copy AI-ready fix prompts.

• Jun 2, 2026
  description

  You built it with AI. Now make sure it's not wide open to hackers.
  
  SecureCheck is built for Vibe Coders — developers using Cursor, Lovable, Bolt, v0, or any AI tool to ship websites fast. AI tools are great at building features, but they often miss security basics. SecureCheck fills that gap.
  
  No security expertise required. Just open your site and scan.
  
  🔍 WHAT IT CHECKS
  • HTTP Security Headers — CSP, HSTS, X-Frame-Options, and 10+ more
  • Exposed Files — .env leaks, /admin pages, backup files, git repos
  • Cookie Security — HttpOnly, Secure, SameSite flags on every cookie
  • Source Code Patterns — inline scripts, mixed content, dangerous JS APIs
  
  📊 TWO SCORES, NOT ONE
  Security Score: how hardened is your site technically?
  Compliance Score: are you exposed to GDPR / legal risk?
  
  🤖 PASTE STRAIGHT INTO YOUR AI
  Every issue comes with a ready-to-use prompt. Copy it, paste it into ChatGPT or Claude, and get an exact fix for your stack — no Googling, no guessing.
  
  ✦ COPY ALL ISSUES AT ONCE
  One button. Every issue + fix prompt in formatted text, ready to drop into your AI chat.
  
  🔒 NOTHING LEAVES YOUR DEVICE
  • No accounts, no servers, no analytics
  • Scan results live in memory only — gone when you close the popup
  • Cookie names are partially masked — values are never read
  
  Covers 30 passively-detectable checks across OWASP Top 10.
  Built by a developer, for developers who ship with AI.

  SecureCheck is a browser extension that scans websites for security 
  vulnerabilities. It is designed for developers who build websites 
  using AI-assisted tools and may not have a background in security.
  
  HOW IT WORKS
  
  Open the extension on any website and click Scan. SecureCheck 
  performs a local analysis covering four areas: HTTP security 
  headers, exposed sensitive files and endpoints, cookie security 
  attributes, and front-end source code. Results are displayed 
  immediately with severity ratings and fix recommendations.
  
  For each issue found, SecureCheck generates a ready-to-use prompt 
  that you can copy and paste directly into an AI assistant such as 
  ChatGPT or Claude to receive step-by-step fix instructions.
  
  WHAT IT CHECKS
  
  HTTP Security Headers: Strict-Transport-Security, 
  Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, 
  Referrer-Policy, Permissions-Policy, and others.
  
  Exposed Files and Endpoints: .env files, .git directories, API 
  documentation pages, admin panels, and other commonly exposed paths.
  
  Cookie Security: HttpOnly, Secure, and SameSite attributes on 
  all cookies set by the site.
  
  Source Code Analysis: Hardcoded API keys and secrets left exposed 
  in front-end code. Also detects unsafe coding patterns such as 
  direct DOM injection and dynamic code execution.
  
  PRIVACY
  
  All scanning is performed locally within your browser. No page 
  content, scan results, URLs, or personal data are ever transmitted 
  to any external server. The extension does not collect analytics 
  or usage data of any kind.
  
  PERMISSIONS
  
  activeTab and tabs: To identify the current page being scanned.
  scripting: To run the source code scanner on the current page.
  storage: To save your language preference and scan history locally.
  cookies (optional): To check cookie security attributes on the 
  site you are scanning. Requested only when you initiate a scan 
  and removed immediately after the scan completes.
  Host permission (optional): To fetch HTTP response headers from 
  the site you are scanning. Requested only for the current site 
  at scan time and removed after the scan completes.
  
  PRICING
  
  The extension includes 20 free scans. Unlimited access is 
  available as a one-time purchase of USD 20 with no subscription. 
  A license key is provided upon purchase and can be entered 
  directly in the extension to unlock unlimited use.
  
  COMPLIANCE REFERENCE
  
  Checks are based on OWASP Top 10 and CWE standards. The 
  extension covers 30 passively detectable vulnerability checks. 
  Back-end logic vulnerabilities require manual code review and 
  are outside the scope of this tool.

• Jun 2, 2026
  host_permissions

  (empty)

  https://api.gumroad.com/*

Permissions & access

Permissions

activeTabscriptingtabsstorage

Host access

None declared

Screenshots