One-hour pre-share scan
The minimum outside-in pass before posting the URL.
- Fetch headers for the homepage and auth routes
- Probe common exposed files and source maps
- Search client bundles for secret-shaped strings
- Request API routes from a clean logged-out session