Group

You’re viewing an example audit

Fortivibe reviews your app for the security, data, reliability, and deployment issues that can turn a promising prototype into a production headache.

Run an Audit on My App

Fix Prompt

Add a `csp` block to `joystick.app({ ... })` declaring `default-src 'self'` plus the specific origins you use (Stripe, Fathom, etc.). Start strict and relax only as needed.

Psst: this prompt should but is not guaranteed to fix the issue. Each tool (and the models they use) are different and outside of our control.

What does this mean?

A CSP header would prevent injected scripts from calling arbitrary origins even if an XSS slipped through.