Techlogia — AI and Web Development Berlin

Free Tool · techlogia.de

Vibe Check.No Bullshit.

Scan your website in 10 seconds for typical vibe-coded patterns, security gaps, server hardening, German legal requirements, SEO issues and performance signals – over 55 checks, live and free.

55+

checks per scan

7

categories

~10s

scan duration

0 €

to use

Domain is enough — https:// is added automatically · localhost and private IPs are blocked

What gets checked

Seven categories, over 55 checks

Sicherheit

HTTP security headers (HSTS, CSP, X-Frame-Options), mixed content, leaked API keys (AWS, Stripe, OpenAI, Anthropic, GitHub, Google), dangerous JavaScript patterns and exposed source maps.

Server-Härtung

Server hardening: critical paths publicly reachable (.env, .git, server-status, phpinfo, wp-config, /actuator, /metrics), cookie security flags (Secure/HttpOnly/SameSite), WAF/CDN detection, HSTS preload and RFC 9116 security.txt.

Vibe-Code

Dev servers in production (Vite/Webpack/Next.js HMR), tool watermarks (Lovable, v0, bolt.new), AI conversation residue, markdown code fences, boilerplate titles and placeholder data.

§

Deutsches Recht

Impressum (§5 TMG), privacy policy (GDPR), granular cookie consent (§25 TDDDG), Google Fonts risk, T&C and right-of-withdrawal requirements for shops.

SEO

Meta title and description, Open Graph, canonical URL (preview-domain detection), noindex trap, H1 structure, viewport, charset, favicon and robots.txt.

Barrierefreiheit

Image alt text, generic alt patterns, HTML lang attribute with language-mismatch detection and semantic landmarks (main/header/footer/nav).

Performance

HTTP compression (gzip/brotli/zstd), HTTP/3 availability via alt-svc, HTML payload size and indicators for inlined JS bundles.

Security Index DE

Who's doing it right — and who isn't?

Weekly automated checks: DAX corporations, largest online shops, banks, insurers. Click a domain for details and score history.

No public scans yet.

Background

What is Vibe Code?

"Vibe Coding" describes a practice where code generated by AI assistants (Claude, ChatGPT, Cursor, Copilot, v0, Lovable, bolt.new) is deployed to production without deeper understanding or review – by feel, by vibe.

The result usually works, but is full of telltale signs: defaults never replaced, debug code left in, security headers missing, German legal requirements ignored, secrets shipped in the browser bundle.

This scanner checks for the most common signatures found in real code reviews. It doesn't replace a full audit – but it quickly shows whether a site is production-ready or a vibe-coded quick-fix.

API keys in client bundle (AWS, Stripe, OpenAI, Anthropic, GitHub, Google)

Vite/Webpack/Next.js dev server deployed instead of production build

Mixed content – HTTP resources on HTTPS pages

No Impressum and no Privacy Policy (§5 TMG / GDPR)

AI conversation residue in content ("I've created…", "Here's the…")

Placeholder data (Lorem ipsum, Max Mustermann, test@example.com)

Default templates ("Get started by editing", "Vite + React", "count is")

Missing security headers (CSP, HSTS, X-Frame-Options, Referrer-Policy)

Guides

More on vibe coding & security

Vibe Coding: the hidden security risksReadAPI keys in the frontend: how they leak & how to checkReadSpotting a dev server in productionReadHow to recognise unchecked AI codeRead

Get in Touch

Have a project?

Let's bring your idea to life together. We're happy to advise you with no obligation.

Get in Touch

How do you like this page?

Vibe Check – Scan your site for API-key leaks & AI-code risks