What security testing should I do for a Netlify site?
Check that security headers are properly configured in your _headers file or netlify.toml. Verify that environment variables are scoped correctly and not leaked in client bundles or build logs. Test all serverless functions for authentication, authorization, and input validation. Confirm that source maps are excluded from production builds. Check deploy preview access restrictions. Verify that redirect rules do not create open redirects. Test CORS configuration on API endpoints. Ensure forms with Netlify Forms enabled have spam protection. UNPWNED runs all these checks automatically in a single scan and provides a prioritized list of fixes with actionable remediation steps.
Check your Netlify app now
Run free security scan

Last reviewed: 2026-04-07. Based on publicly available security research and UNPWNED scan telemetry.