Check Netlify-specific security configuration, headers, and deployment settings.
Overview
Netlify-hosted sites have platform-specific security settings that are often overlooked. Our scanner checks for proper _headers configuration, redirect rules, deploy preview access, and Netlify-specific security features.
What this scanner does
Detects Netlify hosting and checks _headers file configuration, _redirects rules for open redirect risks, deploy preview authentication, form handling security, and serverless function exposure.
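As an added illustration of two of these checks (example code written for this page, not the scanner's own logic), the Python below parses a _headers file for missing security headers and flags _redirects rules whose destination host is taken from a placeholder. The recommended-header list and that risk heuristic are assumptions of this example, and the sample files are constructed.

```python
import re

# Baseline this example checks for; an assumption, not the scanner's actual list.
RECOMMENDED = {"content-security-policy", "strict-transport-security",
               "x-content-type-options", "x-frame-options", "referrer-policy"}
PLACEHOLDER = re.compile(r":[A-Za-z_]\w*")           # :splat, :id, ...
AUTHORITY = re.compile(r"^(?:[a-z][a-z0-9+.-]*:)?//([^/?#]*)", re.I)
QUERY_MATCH = re.compile(r"^[^/:=]+=")               # e.g. url=:url

def parse_headers(text):
    """_headers syntax: unindented path line, then indented 'Name: value' lines."""
    rules, path = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":
            if path is not None and ":" in raw:
                name, value = raw.strip().split(":", 1)
                rules[path][name.strip().lower()] = value.strip()
        else:
            path = raw.strip()
            rules.setdefault(path, {})
    return rules

def missing_headers(text, path="/*"):
    """Recommended headers not set for the given path rule."""
    return sorted(RECOMMENDED - set(parse_headers(text).get(path, {})))

def risky_redirects(text):
    """(line number, destination) where a placeholder controls the target host."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Fields: from, optional query matches, destination, status/options.
        rest = [f for f in fields[1:] if not QUERY_MATCH.match(f)]
        dest = rest[0] if rest else ""
        host = AUTHORITY.match(dest)
        if PLACEHOLDER.match(dest) or (host and PLACEHOLDER.search(host.group(1))):
            findings.append((no, dest))
    return findings

# Constructed sample files, not taken from any real site.
SAMPLE_HEADERS = "/*\n  X-Frame-Options: DENY\n  X-Content-Type-Options: nosniff\n"
SAMPLE_REDIRECTS = """\
/old/*  /new/:splat  301
/out  url=:url  :url  302
/go/*  https://:splat  302
"""
```

A rule that pins the host and only substitutes the path, such as the first sample line, is not flagged.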
Why it matters
Netlify's default configuration may not include all recommended security headers. Deploy previews can expose unreleased features, and Netlify Forms can be abused for spam without proper configuration.
Common findings
OWASP Top 10 coverage