Frontguard by Pubflow

About

Frontguard is a local-first client-side security scanner for modern web apps. It helps developers review browser-visible risks before they become production incidents.

Use Frontguard to scan the current tab for exposed secrets, public frontend environment variables, risky client-side storage, security header gaps, framework signals, BaaS/auth configuration, and suspicious network behavior.

Frontguard supports safe passive scans and opt-in deep active scans. Safe scans inspect loaded assets, storage, visible cookies, headers, and resource signals without replaying requests or modifying data. Deep active scans only start when you explicitly enable them, then locally observe fetch/XHR traffic while you use the app.

What Frontguard can help detect:

Exposed API keys and secret-like values:
Supabase, Firebase, Clerk, Auth0, Cognito, Appwrite, Hasura, Sanity, and Contentful client-side signals
Stripe publishable vs secret key exposure
Public frontend env variables such as VITE_*, NEXT_PUBLIC_*, PUBLIC_*, REACT_APP_*, and more
Sensitive data in browser storage
Request/response patterns that may expose auth, billing, tenant, role, or user data
GraphQL and introspection signals
Missing or weak security headers such as CSP, HSTS, Referrer-Policy, Permissions-Policy, and CORS
IndexedDB and Cache Storage persistence signals
Framework signals for Vite, React, Next.js, Nuxt, SvelteKit, Astro, Angular, and others
Frontguard is designed to be friendly, defensive, and non-invasive. It does not brute force, replay requests, submit forms, mutate data, or upload scan evidence. Results stay local in your browser, and sensitive values are masked by default.

Built by Pubflow for developers who want clearer client-side security reviews without vendor lock-in.