
Sample report — demo data


Security Audit Report

https://example.com

Overall Score: 42/100 (Not Ready), 2 critical findings

  - Security: 38/100
  - Authentication: 25/100
  - Performance & CDN: 45/100
  - SEO & GEO Readiness: 55/100
  - Architecture: 55/100
  - Scalability: 65/100
  - Maintainability: 50/100

Executive Summary

This application has 2 critical security issues that need immediate attention before launch. The most urgent are an exposed Stripe secret key in the frontend bundle and a Supabase users table without RLS. Additionally, the app is missing a Content-Security-Policy header, which increases XSS risk. Overall, the app is not ready for production deployment.

Findings (10 Categories)

  - Secrets
  - Database/RLS
  - HTTP Security
  - Authentication
  - Performance
  - SEO/GEO
  - Tech Stack
  - Architecture
  - Cost
  - Production Readiness

Cost Estimate

Estimated monthly cloud costs at scale: Vercel Pro ($20/mo) + Supabase Pro ($25/mo) + Stripe (~2.9% + $0.30/tx). At 1,000 users: ~$75/mo. At 10,000 users: ~$250/mo. At 100,000 users: ~$1,200/mo (may need dedicated DB).

Authentication Analysis

Authentication mechanisms detected: Supabase Auth + custom JWT (jsonwebtoken). Cookie security: missing Secure flag (2 cookies), missing HttpOnly flag (2 cookies), SameSite not set. CSRF protection: not detected. OAuth providers: GitHub, Google. Session risk: High — critical cookie security flags missing.

Performance & CDN

Cache strategy: no explicit Cache-Control. Compression: not detected. CDN: none. Render-blocking resources: 6. Image optimization: no WebP/AVIF, 40% lazy loading coverage. TTFB hint: served directly from origin — expect ~200-500ms TTFB for global users. Performance score: 45/100.

Tech Stack Analysis

DeepScan AI detected the following tech stack: Next.js 15 (App Router), React 19, Tailwind CSS v4, Supabase (PostgreSQL + Auth), Vercel (hosting), Stripe (payments). The app uses a monorepo structure with workspaces. Dependency management via npm. CI/CD configured with Vite and GitHub Actions.

SEO & GEO Readiness

Meta description is present but too short (95 chars — recommend 150-160). Open Graph tags are missing image and description. No JSON-LD structured data found. Missing hreflang tags. No XML sitemap detected. AI search readiness score: 45/100.

Scalability & Capacity

Single-server deployment on Vercel Pro. No database connection pooling. No CDN configured for static assets. API routes lack rate limiting. Estimated capacity: ~500 concurrent users before degradation. Microservices: 0 (monolithic architecture).

Fix Before Launch

  1. Stripe secret key exposed in frontend — rotate your key immediately
  2. RLS disabled on users table — all user data is publicly accessible
  3. CSP header missing — XSS attack surface is open
  4. Session cookies missing Secure/HttpOnly flags — auth tokens can be stolen