plain-scan changelog

0.2.0 (2025-10-31)

Added HTTP status code audit to detect server errors (5xx) and client errors (4xx) (fc6b822)
Scan metadata now includes complete response information with all HTTP headers and cookies (7c1fb12, fc6b822)
Improved CSP Reporting-Endpoints validation to verify endpoint names are properly defined (c89eb33)
Removed overly strict CSP strict-dynamic suggestion for allowlist-based policies (14edaf4)
Removed www canonicalization check as it's not a security requirement (732b4c0)

Plain Scan now sends a custom user-agent header (plain-scan/<version>) with a link to the documentation (1f9978d)

Initial release of Plain Scan - a practical security scanner for production websites that checks for HTTP-level security misconfigurations.

On this page