Build Log: Static Site Security Scanner

A build note for a read-only scanner that checks public static-site security signals and outputs a small report.

Jun 22, 2026

Build Goal

The first version should scan a public site without login, collect response headers and public files, and produce a short report that can be pasted into an issue.

Scope

Keep the checks narrow.

  1. Homepage status and redirects.
  2. Security headers.
  3. robots.txt, sitemap, and security.txt.
  4. CSP conflicts with analytics or ad scripts.
  5. Basic mixed-content and canonical URL checks.

Implementation Notes

The scanner should keep raw evidence with each finding. A report without evidence is hard to trust, especially when the fix affects headers or site verification files.
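As an added illustration of the evidence rule above (not code from this build), here is a minimal offline version of checks 2, 4 and 5 from the scope list, run over a constructed response for a hypothetical site; the header set, CSP and hostnames are made up, and the CSP matching covers only 'self', host and *.wildcard sources.

```python
import re
from urllib.parse import urlparse

EXPECTED_HEADERS = ("strict-transport-security", "content-security-policy", "x-content-type-options", "referrer-policy")

def check_headers(headers):
    """Report each expected security header absent from the response; the header set seen is the evidence."""
    present = {k.lower(): v for k, v in headers.items()}
    return [{"check": "headers", "finding": f"missing {name}", "evidence": f"headers seen: {sorted(present)}"}
            for name in EXPECTED_HEADERS if name not in present]

def _csp_allows(host, sources, site_host):
    # Match a script host against script-src entries: 'self', bare host, scheme://host or *.wildcard.
    for src in (s.lower() for s in sources):
        if src == "'self'" and host == site_host:
            return True
        if src.startswith("'"):  # other keywords ('unsafe-inline', nonces, hashes) name no host
            continue
        src = src.split("://")[-1].split("/")[0]
        if host == src or (src.startswith("*.") and host.endswith(src[1:])):
            return True
    return False

def check_csp_conflicts(headers, body, site_host):
    """Flag <script src> hosts (analytics, ads, CDNs) that the CSP script-src would block (scope item 4)."""
    csp = {k.lower(): v for k, v in headers.items()}.get("content-security-policy", "")
    directives = {t[0].lower(): t[1:] for t in (p.split() for p in csp.split(";")) if t}
    sources = directives.get("script-src", directives.get("default-src", []))
    findings = []
    for src in re.findall(r'<script[^>]*\ssrc="([^"]+)"', body, flags=re.I) if sources else []:
        host = urlparse(src).hostname or site_host  # a relative src is same-origin
        if not _csp_allows(host, sources, site_host):
            findings.append({"check": "csp", "finding": f"script host {host} not allowed by script-src",
                             "evidence": f"csp: {csp} | tag src: {src}"})
    return findings

def check_mixed_content(body):
    """Flag http:// subresources, which browsers block or upgrade on an https page (scope item 5)."""
    return [{"check": "mixed-content", "finding": "insecure subresource", "evidence": f"src: {u}"}
            for u in re.findall(r'\ssrc="(http://[^"]+)"', body, flags=re.I)]

def scan(headers, body, site_host):
    # Run the public-hygiene checks; every finding carries the raw evidence it came from.
    return check_headers(headers) + check_csp_conflicts(headers, body, site_host) + check_mixed_content(body)

# Constructed sample response for a hypothetical site (not a real scan result).
SAMPLE_HEADERS = {"Content-Security-Policy": "default-src 'self'; script-src 'self' https://*.cdn.test",
                  "X-Content-Type-Options": "nosniff"}
SAMPLE_BODY = ('<script src="/app.js"></script><script src="https://js.cdn.test/lib.js"></script>'
               '<script src="https://t.tracker.test/t.js"></script><img src="http://img.site.test/logo.png">')
```

Each returned dict is one report line; `scan(SAMPLE_HEADERS, SAMPLE_BODY, "site.test")` yields two missing headers, one CSP conflict for the tracker host and one mixed-content image.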

Risk

Avoid making claims about full security posture. The scanner only checks public hygiene signals.

Next Step

Build a local CLI first, run it against this site, and use the output to design the report format.