You’re viewing an example audit
Fortivibe reviews your app for the security, data, reliability, and deployment issues that can turn a promising prototype into a production headache.
Run an Audit on My AppFix Prompt
Add a `csp` block to `joystick.app({ ... })` declaring `default-src 'self'` plus the specific origins you use (Stripe, Fathom, etc.). Start strict and relax only as needed.
Psst: this prompt should but is not guaranteed to fix the issue. Each tool (and the models they use) are different and outside of our control.
What does this mean?
A CSP header would prevent injected scripts from calling arbitrary origins even if an XSS slipped through.