Security & Trust
TradeClaw is built with security-first principles. Open source, self-hostable, and transparent — so you can verify every claim yourself.
100% Open Source
Every line of code is publicly auditable on GitHub. No hidden backdoors, no obfuscated logic.
Self-Hostable
Run TradeClaw on your own infrastructure. Your data never leaves your server.
Responsible Disclosure
We follow industry-standard vulnerability disclosure via GitHub Security Advisories.
No Tracking
Zero analytics trackers, no third-party cookies, no fingerprinting. Your trading data stays private.
OWASP Top 10 Compliance
Security Headers
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self' https:; frame-ancestors 'none'
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: camera=(), microphone=(), geolocation=()
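The header values listed above can be checked mechanically on a self-hosted instance. The Python below is an added example, not TradeClaw's own code: it compares a response's headers with the values published here (the CSP is compared per directive, so ordering does not matter) and lists any 'unsafe-*' source keywords the CSP contains. The function names and both sample responses are constructed for illustration, and each header is assumed to appear once.

```python
# Added example (not TradeClaw code): audit response headers against the values this page publishes.
EXPECTED = {
    "content-security-policy": (
        "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; "
        "style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; "
        "font-src 'self'; connect-src 'self' https:; frame-ancestors 'none'"),
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
    "referrer-policy": "strict-origin-when-cross-origin",
    "permissions-policy": "camera=(), microphone=(), geolocation=()",
}

def parse_csp(value):
    """Map directive name -> set of sources; a repeated directive is ignored (first wins)."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), frozenset(tokens[1:]))
    return policy

def parse_headers(raw):
    """Parse 'Name: value' lines; assumes each header name appears once."""
    pairs = (line.partition(":") for line in raw.splitlines() if ":" in line)
    return {name.strip().lower(): value.strip() for name, _, value in pairs}

def audit(raw):
    """Return (drift, unsafe): headers that differ from EXPECTED, and 'unsafe-*' CSP sources seen."""
    got, drift = parse_headers(raw), []
    for name, want in EXPECTED.items():
        have = got.get(name)
        if have is None:
            drift.append((name, "missing"))
        elif name == "content-security-policy":
            a, b = parse_csp(have), parse_csp(want)
            drift += [(f"csp:{d}", "differs") for d in sorted(a.keys() | b.keys()) if a.get(d) != b.get(d)]
        elif have.lower().replace(" ", "") != want.lower().replace(" ", ""):
            # Simplified comparison for single-token values: ignore case and spacing.
            drift.append((name, "differs"))
    csp = parse_csp(got.get("content-security-policy", ""))
    unsafe = sorted((d, s) for d, srcs in csp.items() for s in srcs if s.lower().startswith("'unsafe-"))
    return drift, unsafe

# Constructed sample responses (not captured from a real deployment).
MATCHING = "\n".join(f"{k}: {v}" for k, v in EXPECTED.items())
DRIFTED = ("Content-Security-Policy: default-src 'self'; frame-ancestors 'self'\n"
           "X-Content-Type-Options: nosniff\nReferrer-Policy: no-referrer\n")

if __name__ == "__main__":
    for label, raw in (("matching", MATCHING), ("drifted", DRIFTED)):
        print(label, *audit(raw), sep="\n  ")
```

To audit a real deployment, pass audit() the response headers saved from your own instance in place of the constructed samples.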
Vulnerability Disclosure
Found a security vulnerability? We take all reports seriously and follow responsible disclosure practices. Please report vulnerabilities through GitHub Security Advisories.
Security API Endpoints
TradeClaw is open source. Verify our security claims yourself.
View Source on GitHub