Security Guides
Step-by-step launch fixes for Supabase, Vercel, Cloudflare, and the stacks vibe coders ship on.
- Supabase
Secure Your Supabase App Before Launch
Supabase is fast to ship on and easy to leave wide open. Here are the four checks — RLS, policies, the service_role key, and storage — to run before real users arrive.
·9 min read
- Vercel
Security Headers for Next.js on Vercel
Most Next.js apps deploy to Vercel with no security headers at all. They don't change how your app looks — they just close easy gaps. Here's the copy-paste config.
·7 min read
- Cloudflare
Enable HSTS on Cloudflare in One Toggle
HSTS forces browsers to always use HTTPS. On Cloudflare it's a single toggle — no code, no deploy. Here's how to turn it on safely.
·4 min read
- General
Exposed API Keys in Vibe-Coded Apps
AI coding tools love to wire an API key straight into the frontend so the demo just works. That key ships to every visitor. Here's how to find, move, and rotate it.
·8 min read