Run a lightweight scan of public-facing exposure. Detect exposed endpoints, misconfigurations, and leaked secrets — without accessing customers, orders, or any PII.
Three steps to your first security scan. No code changes required.
Add Axyom Risk Scanner to your Shopify store. No code changes or theme edits needed.
Enter your store URL and launch a lightweight, non-intrusive security scan from the Shopify Admin.
Get a risk score from 0–100 with actionable findings stored in your shop metafields.
We check publicly visible infrastructure only. No store data is ever accessed.
Detects publicly accessible admin and debug endpoints.
Checks for missing or misconfigured HTTP security headers.
Scans for exposed API keys, tokens, and credentials in public assets.
Checks certificate validity and protocol configuration.
Checks SPF, DKIM, and DMARC records for domain spoofing risk.
Identifies unnecessarily exposed network services.
Axyom never accesses customer data, orders, or any PII. Scans are server-to-server against publicly visible endpoints only.
We never read customers, orders, or private store data.
All scans run from our infrastructure against public endpoints only.
Risk scores are stored in your shop metafields. You own your data.
Yes, the base scan is free for all Shopify stores. Install the app, enter your store URL, and get your risk score at no cost.
None. We only scan publicly visible endpoints. We never access customers, orders, or store admin data. The app requires minimal permissions.
Most scans complete in under two minutes. You’ll see your risk score as soon as results are available.
Results are stored as metafields on your Shopify shop resource. You retain full ownership and can delete them at any time by uninstalling the app.
Yes. You can scan your store's primary custom domain and your .myshopify.com domain.