Do I need to install anything?+
No. Codifie Scan is a passive black-box scanner — paste a URL and we hit it from the outside, just like a real attacker would. No CLI, no agent, no SDK, no code changes.
Will scanning my site break anything?+
Passive scans are read-only — they only fetch public URLs your browser already fetches. Active DAST tests are opt-in, rate-limited to 1 request per second, identify themselves with an X-Scanner header, and require you to verify ownership of the domain first.
Is this useful for AI-built sites specifically?+
Yes — AI coding tools love to inline secrets, ship sourcemaps, and skip security headers. Our scanner is tuned for the patterns we see in Lovable, Bolt, v0, Cursor, and Replit exports. Every finding includes an AI fix prompt you can paste straight back into the same tool.
What does each scan check?+
15 security modules (secrets, headers, TLS, cookies, CORS, sourcemaps, mixed content, subdomain takeover, third-party scripts, DNS/email, exposed dev interfaces, error disclosure, robots/sitemap, caching, sensitive paths), 6 performance modules (Core Web Vitals, resources, network, JS, server response, mobile), 5 accessibility modules (contrast, keyboard, screen-reader, semantic HTML, forms), and 5 SEO modules (meta tags, social, structured data, crawlability, mobile SEO).
How is this different from Lighthouse or Snyk?+
Lighthouse only measures performance and surface-level SEO. Snyk needs your source code and focuses on dependencies. Codifie Scan runs against your live URL, covers security + performance + accessibility + SEO in one report, and writes the fix for you. Think of it as Lighthouse + OWASP ZAP + Gitleaks + a developer-grade AI assistant, in a 90-second pass.
Do credits expire?+
Never. Credits roll over indefinitely and work across any number of domains. If you decide it isn't for you within 30 days, we'll refund any unused credits.