All launch resources
Security launch checklist

Security clearance before go-live

Baseline HTTP hardening, secret hygiene, and TLS health — the MUST-fix layer before any launch post, investor link, or production deploy gate.

Security & headers

Production deploys need baseline HTTP hardening before you share the URL.

  • HSTS enabled with max-age ≥ 6 months on production domain.

    Audit check SEC-001 · security

  • Content-Security-Policy configured for your stack.

    Audit check SEC-003 · security

  • No API keys or secrets in public JavaScript bundles.

    Audit check SEC-020 · dns ssl

  • Valid TLS certificate and chain on all public routes.

    Audit check DNS-001 · dns ssl

FAQ

Security launch launch questions

Is this a penetration test?

No. Launch Auditor runs automated baseline security checks on public URLs — headers, TLS, secret exposure, and crawl surface. Use dedicated pentest for authenticated flows.

Run your security clearance scan

Free tier · No credit card · Create account

Security Launch Checklist & Website Audit | Launch Auditor