Security Guides
Step-by-step instructions to fix the most common issues.
How to disable source maps in production
Source maps expose your original source code to anyone. Learn how to disable them for Next.js, Vite, CRA, Astro, Vue (Nuxt), Angular, and WordPress.
What is a source map? And why it's dangerous in production
A source map is a file that maps minified JavaScript back to your original source code. Here's what source maps are, why bundlers generate them, and why leaving them public in production exposes your code.
How to fix API key leaks in JavaScript bundles
API keys in your frontend bundle are readable by anyone. Learn the right way to handle secrets in Next.js, Astro, Vue (Nuxt), Angular, WordPress, and PHP.
How to add security headers to your web app
CSP, HSTS, X-Frame-Options and other headers protect against XSS, clickjacking, and MIME sniffing. Step-by-step for Next.js, Astro, Vue (Nuxt), Angular, Nginx, Apache, and Vercel.
How to fix TLS/SSL issues on your site
Outdated TLS versions, expiring certificates, and domain mismatches. How to diagnose and fix TLS problems depending on your hosting.
How to fix missing SEO and meta tags
Title, description, Open Graph, canonical, robots.txt — what each one does and how to add them in Next.js, Astro, Vue (Nuxt), Angular, WordPress, and Tilda.
Next.js security checklist: 10 things to check before you ship
A practical pre-deploy checklist for Next.js apps: source maps, leaked API keys, security headers, TLS, NEXT_PUBLIC_ secrets, server actions, CORS, and SEO. Each item with a quick way to verify.
Is your AI-generated app safe? Security checklist for Cursor, Claude Code & Codex apps
AI coding tools ship code that leaks secrets, exposes source maps, and skips security headers by default. Here's what to check in apps built with Cursor, Claude Code, or Codex — and how to fix it.