Free tools · no signup

Free security tools for vibe-coded apps.

Quick, genuinely useful checks that run right in your browser — nothing is stored. When you want the full picture across security, reliability, performance, and monitoring, run a free Launch Readiness Score.

Live · real DNS lookup

Email Security Checker

Check any domain's SPF, DMARC, and MX records — see if attackers can spoof your email. Real DNS-over-HTTPS lookup.

Open tool →
Live · privacy-safe

Password Breach Checker

See if a password has appeared in known breaches — checked via k-anonymity, so your password never leaves your browser.

Open tool →
Live · instant grade

Security Headers Analyzer

Paste your response headers and get an A–F grade with the exact headers to add (CSP, HSTS, X-Frame-Options, and more).

Open tool →
Live · 100% in-browser

Password Strength Checker

Test a password's strength and estimated crack time. Runs entirely client-side — nothing is sent anywhere.

Open tool →

What these tools check — and why it matters

AI coding tools build fast. Security configuration doesn't come with them. Every tool in this collection targets a gap that vibe-coded apps consistently miss before launch.

The Email Security Checker queries live DNS to confirm your SPF and DMARC records are in place. Without them, anyone can send email impersonating your domain — a trivial exploit that undermines customer trust before they've even signed up.

The Password Breach Checker uses the HaveIBeenPwned k-anonymity API: only the first five characters of your password hash ever leave your browser. No raw credentials are transmitted or stored.

The Security Headers Analyzer grades your HTTP response headers from A to F and tells you exactly which headers to add — CSP, HSTS, X-Frame-Options, and more. Missing headers are one of the fastest wins any developer can ship in under an hour.

These checks are a starting point. A single missing header doesn't tell you whether your database has row-level security, your API routes are rate-limited, or your auth tokens are scoped correctly. That's what a full Launch Readiness Score covers.

The full picture

These check one thing. We check everything.

A free tool tells you about one gap. A Launch Readiness Score tells you if your whole app is ready — across security, reliability, performance, and monitoring — in about 60 seconds.

Get my free score