June 2026 Held
Passive surface read

outrank.so

C

We read outrank.so from the outside only. A handful of things stood out, none of them exotic. We hold the specifics until the team has had a chance to fix them.

5
items held
9
passive checks
Jun 2026
read on

What we read from the outside

Only what any visitor can load. No login, no probing, no payloads.

  • Response headers (HSTS, CSP, frame and content-type policies)
  • Public JavaScript bundles for hardcoded keys or secret endpoints
  • Common config paths (.env, .git, backups, source maps)
  • DNS records and email auth (SPF, DMARC)
  • TLS version and certificate
  • Open directory listings and verbose error pages

What we found

Details withheld

A handful of fixable gaps on the public surface. Details held.

We are keeping the specifics off this page at the owner's request. The grade reflects what we saw from the outside. The owner can ask us to publish the full read or remove this entry at any time.

How we handled it

  1. Jun 30, 2026
    Read passively from the outside. We hold the specifics until the owner has had a chance to fix them.
How we graded this

The grade is a read of what is exposed to anyone, not a full audit. A means nothing sensitive was in the open. F means something sensitive was reachable with no login. We never test beyond what a browser loads on its own, and we disclose privately before anything goes public.

What to take away

  • A few common gaps, all fixable.
  • Nothing here needed a login or a payload to spot.
  • We hold the specifics until they can be fixed.

Find your unnoticed bug before someone else does.

buggy.run signs in, captures your real traffic, and hunts the quiet flaws that scanners miss. You get every finding in plain English with the fix.