Frontguard by Pubflow

Friendly client-side security audits for modern web apps.

Frontguard is a local-first client-side security scanner for modern web apps. It helps developers review browser-visible risks before they become production incidents. Use Frontguard to scan the current tab for exposed secrets, public frontend environment variables, risky client-side storage, security header gaps, framework signals, BaaS/auth configuration, and suspicious network behavior. Frontguard supports safe passive scans and opt-in deep active scans. Safe scans inspect loaded assets, storage, visible cookies, headers, and resource signals without replaying requests or modifying data. Deep active scans only start when you explicitly enable them, then locally observe fetch/XHR traffic while you use the app. What Frontguard can help detect: Exposed API keys and secret-like values: Supabase, Firebase, Clerk, Auth0, Cognito, Appwrite, Hasura, Sanity, and Contentful client-side signals Stripe publishable vs secret key exposure Public frontend env variables such as VITE_*, NEXT_PUBLIC_*, PUBLIC_*, REACT_APP_*, and more Sensitive data in browser storage Request/response patterns that may expose auth, billing, tenant, role, or user data GraphQL and introspection signals Missing or weak security headers such as CSP, HSTS, Referrer-Policy, Permissions-Policy, and CORS IndexedDB and Cache Storage persistence signals Framework signals for Vite, React, Next.js, Nuxt, SvelteKit, Astro, Angular, and others Frontguard is designed to be friendly, defensive, and non-invasive. It does not brute force, replay requests, submit forms, mutate data, or upload scan evidence. Results stay local in your browser, and sensitive values are masked by default. Built by Pubflow for developers who want clearer client-side security reviews without vendor lock-in.