← Back to home
Security
Security & Scope Transparency
Last updated: April 20, 2026
What URLRay Checks
- HTTPS and transport trust signals
- SEO basics (title, meta, headings, crawl signals)
- Accessibility indicators (labels, alt text, language)
- Trust policy and contact signal presence
- Performance and PageSpeed Insights context
- Rendered-page evidence in paid reports
What URLRay Does Not Check
- Authenticated admin panels or private internal systems
- Full penetration testing or exploit verification
- Complete plugin/theme vulnerability inventories
- Custom server-side source code review
- Legal compliance certification
Platform Security Controls
URLRay enforces server-side access checks for paid content, verifies Stripe webhook signatures, uses secure cookie settings for owner access, and applies scan URL validation with internal-network protections to reduce SSRF risk.
Automated Scan Limitations
Automated audits can produce false positives and false negatives. Use URLRay as prioritized diagnostic guidance and validate critical findings manually before production changes.
Data and Access Confidence
URLRay stores report data server-side, keeps payment processing with Stripe, and does not require CMS admin credentials for standard scans.
Security Contact
To report a security concern, contact support@urlray.com.