Daily scan for secrets accidentally exposed in URLs
A new daily scan flags requests where what looks like an API key, access token or password ended up in a URL — usually a logging or redirect bug. Hits raise an alert.
URLs that end up in your logs sometimes contain things that shouldn't be there: a short-lived API key tacked onto a redirect, a password leaked into a query string by a misconfigured form, a session token bounced through an analytics pixel.
A new daily scan walks recent requests and flags any URL that matches known secret patterns (token, API key, password, bearer prefixes). Anything found raises an alert so you can find the upstream bug before the credential turns up in a screenshot or a third party's logs.
← New persona-led marketing site, compare pages, free toolsClient classification panel and drill-down on the dashboard →
← All changelog entries