Sample Scan Report

See what a CheckYourVibe scan looks like

Good news

14 checks passed

What needs work

1 critical 1 medium 1 low

Let's get to work!

0% complete

0verified

0fixed

0ignored

3remaining

Re-scan to verify your fixes and move resolved issues off the list.

critical

Your Stripe API Key is Visible

What's happening

Your secret Stripe key (sk_test_...) is in your JavaScript file that anyone can view in their browser. Someone could use this key to create fake charges or steal customer data.

Evidence

Found in /assets/main.js: sk_test_51H...redacted

How to fix this

My Stripe secret key is exposed in my client-side code. Move it to a server-side environment variable and create an API endpoint to handle Stripe operations securely. I'm using Next.js with Vercel.

medium

Missing Security Headers

What's happening

Your site is missing important security headers that help protect your users' browsers from common attacks like clickjacking and cross-site scripting.

Evidence

Missing: X-Frame-Options, Content-Security-Policy, X-Content-Type-Options

How to fix this

My website is missing security headers: X-Frame-Options, Content-Security-Policy, and X-Content-Type-Options. Add these headers to my server configuration. I'm deployed on Vercel.

low

Outdated Dependencies Found

What's happening

Some of your JavaScript dependencies have known security patches available. Updating them reduces your exposure to known vulnerabilities.

Evidence

lodash@4.17.20 → 4.17.21 (prototype pollution fix)

How to fix this

Update my project dependencies to their latest secure versions. Specifically, update lodash to at least 4.17.21 to fix a prototype pollution vulnerability. Run the update and check that tests still pass.

1 of 3

Want to see YOUR app's results?

Free scan, no credit card required.

Scan My App Free