Public Website Security Sweep
What this page covers
This page gives a practical Hermes-assisted checklist for public website security sweeps: verify what anonymous users can see, confirm headers and robots/indexing choices, inspect forms/downloads, and keep private portal data out of public routes.
Hermes changes quickly, so treat the official documentation as the source of truth and use the built-in CLI to inspect the local install before editing config by hand.
Fast path
```bash
curl -I https://example.com/
```
```bash
curl -sS https://example.com/robots.txt
```
```bash
curl -sS -o /dev/null -w "%{http_code} %{content_type}\n" https://example.com/wiki
```
```bash
hermes chat --toolsets web,browser -q "Verify this public page as an anonymous user and summarize console/network issues."
```
Practical checklist
- Check anonymous home, landing, wiki/docs, download, and article routes.
- Confirm private/admin navigation, owner dashboards, private storage URLs, and customer data are absent from public HTML.
- Verify security headers such as CSP where used, plus cache headers appropriate for public vs private pages.
- Test direct asset URLs for gated downloads; public cards should not leak ungated source files when lead capture is required.
- Check robots/sitemap/noindex choices match launch status.
Common pitfalls
- Only checking the rendered browser view and missing HTML/source leaks.
- Adding analytics or third-party scripts without updating CSP and live collector checks.
- Copying a whole private data folder into a public Docker image just to serve one public JSON file.
- Leaving preview routes discoverable in nav, sitemap, or robots when they should be exact-URL only.
Verification checklist
- Anonymous `curl` checks return expected 200/30x/40x codes.
- Browser console and network panel show no obvious blocked critical assets or private endpoint calls.
- Public pages contain no owner-only links/data.
- Robots/sitemap/indexing state matches the intended public or preview status.
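The header and source checks above can be scripted against a saved anonymous response. This is an added example, not part of Hermes or the original page; the function names, the `PRIVATE_PATTERNS` list, and the sample response are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Offline sweep of one saved anonymous response. Capture a real page with:
#   curl -sS -D headers.txt -o body.html https://example.com/

# Assumed owner-only markers; replace with your site's private routes and storage hosts.
PRIVATE_PATTERNS='/admin|/owner/|/dashboard|private-storage\.example\.com'

# Print the value of a response header (case-insensitive name), CR stripped.
header_value() {  # usage: header_value HEADERS_FILE NAME
  tr -d '\r' < "$1" | awk -v n="$2" 'BEGIN { n = tolower(n) ":" }
    tolower(substr($0, 1, length(n))) == n {
      v = substr($0, length(n) + 1); sub(/^[ \t]+/, "", v); print v; exit }'
}

# List owner-only references in the raw HTML source, one per line, deduplicated.
# This reads the source, so it also catches links the rendered view hides.
find_private_refs() {  # usage: find_private_refs BODY_FILE
  grep -Eo "$PRIVATE_PATTERNS" "$1" | sort -u
}

# Report findings for one saved response; return 1 if anything needs review.
sweep() {  # usage: sweep HEADERS_FILE BODY_FILE
  _rc=0
  [ -n "$(header_value "$1" content-security-policy)" ] || { echo "WARN no CSP header"; _rc=1; }
  [ -n "$(header_value "$1" cache-control)" ] || { echo "WARN no Cache-Control header"; _rc=1; }
  _refs=$(find_private_refs "$2")
  [ -z "$_refs" ] || { echo "FAIL private references in source: $(echo $_refs)"; _rc=1; }
  return $_rc
}

# Constructed sample: CSP is missing and a hidden nav link exposes an owner route.
sample_dir=$(mktemp -d)
printf 'HTTP/2 200\r\nContent-Type: text/html\r\nCache-Control: public, max-age=300\r\n\r\n' \
  > "$sample_dir/headers.txt"
cat > "$sample_dir/body.html" <<'EOF'
<nav><a href="/wiki">Wiki</a><a href="/owner/reports" hidden>Reports</a></nav>
<img src="https://private-storage.example.com/u/1.png">
EOF
sweep "$sample_dir/headers.txt" "$sample_dir/body.html" || echo "review needed"
```

A missing CSP is only a finding on sites that use one, so drop that check where it does not apply.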
Official reference
https://hermes-agent.nousresearch.com/docs/user-guide/features/tools/
