Security
Existence Compiler · 2026
This page describes how Existence Compiler approaches security: what the system does, what it does not do, and how to report issues.
Security channel coming soon.
What the system does
Existence Compiler performs a passive public exposure audit. It sends HEAD requests to a limited set of known paths (robots.txt, sitemap.xml, potentially sensitive files) and checks HTTP security headers. This is equivalent to what any public crawler would do.
What the system does NOT do
The system does not exploit vulnerabilities. It does not attempt logins or brute-force attacks. It does not access private content or areas protected by authentication. It does not download or store content from analyzed sites. It makes no more than 12 additional requests per analysis, all with a 5-second timeout.
Audit scope
The audit checks publicly visible signals. If a path responds 200 with non-HTML content, it is reported as a finding. If it responds 401 or 403, it is reported as blocked access (not as confirmed exposure). 404 responses and redirects do not generate findings.
Responsible use
Existence Compiler should only be used on sites you own or for which you have explicit authorization from the owner. Use on third-party sites without authorization is the sole responsibility of the user.
Responsible vulnerability disclosure
If you find a vulnerability in Existence Compiler, we appreciate responsible disclosure. The reporting channel will be available soon. In the meantime, you can mention the finding through the project's social channels.