Any tier · 8 specialized tests

Shopify Storefront Security

Liquid SSTI, storefront API abuse, theme XSS

€49 Add to Scan

What Gets Tested

Liquid SSTI in custom apps
Storefront API abuse patterns
Theme XSS / SEO-tag injection
myshopify.com CNAME detection
X-Shopify header fingerprinting

How It Works

1

Detection

Check myshopify.com CNAME + X-Shopify-* headers.

2

Liquid Scan

Probe for SSTI via Liquid expression evaluation in customisable surfaces.

3

API

Test storefront API for permission-misconfig exposure.

4

Scope

Hosted Shopify core is handled by Shopify themselves; this addon scans YOUR storefront surface only.

Compliance Coverage

OWASP-A03 (Injection)

Shopify Storefront Security

€49

Any tier · One-time per scan

8 specialized tests + AI-powered analysis

Start Your Scan

Select this addon when configuring your scan

Related Add-Ons

Ecommerce Security (PCI DSS)

€149

Payment security and PCI DSS compliance testing