Free Tool · techlogia.de
Scan your website in 10 seconds for typical vibe-coded patterns, security gaps, server hardening, German legal requirements, SEO issues and performance signals – over 55 checks, live and free.
55+
checks per scan
7
categories
~10s
scan duration
0 €
to use
What gets checked
HTTP security headers (HSTS, CSP, X-Frame-Options), mixed content, leaked API keys (AWS, Stripe, OpenAI, Anthropic, GitHub, Google), dangerous JavaScript patterns and exposed source maps.
Server hardening: critical paths publicly reachable (.env, .git, server-status, phpinfo, wp-config, /actuator, /metrics), cookie security flags (Secure/HttpOnly/SameSite), WAF/CDN detection, HSTS preload and RFC 9116 security.txt.
Dev servers in production (Vite/Webpack/Next.js HMR), tool watermarks (Lovable, v0, bolt.new), AI conversation residue, markdown code fences, boilerplate titles and placeholder data.
Impressum (§5 TMG), privacy policy (GDPR), granular cookie consent (§25 TDDDG), Google Fonts risk, T&C and right-of-withdrawal requirements for shops.
Meta title and description, Open Graph, canonical URL (preview-domain detection), noindex trap, H1 structure, viewport, charset, favicon and robots.txt.
Image alt text, generic alt patterns, HTML lang attribute with language-mismatch detection and semantic landmarks (main/header/footer/nav).
HTTP compression (gzip/brotli/zstd), HTTP/3 availability via alt-svc, HTML payload size and indicators for inlined JS bundles.
Background
"Vibe Coding" describes a practice where code generated by AI assistants (Claude, ChatGPT, Cursor, Copilot, v0, Lovable, bolt.new) is deployed to production without deeper understanding or review – by feel, by vibe.
The result usually works, but is full of telltale signs: defaults never replaced, debug code left in, security headers missing, German legal requirements ignored, secrets shipped in the browser bundle.
This scanner checks for the most common signatures found in real code reviews. It doesn't replace a full audit – but it quickly shows whether a site is production-ready or a vibe-coded quick-fix.
API keys in client bundle (AWS, Stripe, OpenAI, Anthropic, GitHub, Google)
Vite/Webpack/Next.js dev server deployed instead of production build
Mixed content – HTTP resources on HTTPS pages
No Impressum and no Privacy Policy (§5 TMG / GDPR)
AI conversation residue in content ("I've created…", "Here's the…")
Placeholder data (Lorem ipsum, Max Mustermann, test@example.com)
Default templates ("Get started by editing", "Vite + React", "count is")
Missing security headers (CSP, HSTS, X-Frame-Options, Referrer-Policy)
Get in Touch
Let's bring your idea to life together. We're happy to advise you with no obligation.
Get in Touch →