Security

Security built into every request.

We describe the controls we use today so your team can make an informed decision.

Protected at the edge

Cloudflare edge protection, HTTPS, request validation, rate limits, and private-network blocking protect public audit requests.

Evidence with boundaries

The crawler follows same-origin pages, limits response size, rejects unsupported content, and does not present inferred browser performance as measured Core Web Vitals.

Short-lived data

Crawl evidence is kept briefly for processing. Shareable reports and rate counters expire automatically through managed storage.

Managed credentials

Provider credentials are stored as environment-managed secrets. They are never placed in client-side code or report content.