8 min · AI Security · April 3, 2026

I Built a Site With Manus in 20 Minutes. Here's What It Forgot.

Manus is one of the fastest ways to go from idea to live website. But when I scanned the site it built me, it scored an F on security headers. Every AI website builder has this problem.


Ryan Macomber

Founder, VibeSec Advisory

I built a website in 20 minutes

Manus is impressive. I described what I wanted. It researched, designed, coded, and deployed a working website with branding, content, and a live URL. All from a single conversation. No code written by hand. No templates. No CSS tweaking.

For getting an idea off the ground fast, it is one of the best tools available right now. It hit $100 million in annual recurring revenue in eight months. Meta reportedly acquired it for $2-4 billion in late 2025. The hype is real. The tool delivers.

Then I scanned the site.

Grade: F

I ran my Manus-built site through securityheaders.com.

Five of six critical security headers were completely missing.

| Header | Missing? | What it prevents |
| ------------------------- | ------------------ | ---------------------------------------- |
| Content-Security-Policy | Yes | XSS attacks |
| X-Frame-Options | Yes | Clickjacking |
| X-Content-Type-Options | Yes | MIME-type confusion |
| Referrer-Policy | Yes | URL leakage to third parties |
| Permissions-Policy | Yes | Unwanted camera, mic, geolocation access |
| Strict-Transport-Security | Present but broken | Protocol downgrade attacks |

The one header that was present (HSTS) was served over HTTP. Browsers ignore HSTS headers received over HTTP because an attacker on the same network could inject a fake one. The single security header the AI added was completely ineffective.

The site also loaded over plain HTTP with no redirect to HTTPS.

Here is the thing: it was running on Cloudflare infrastructure. Adding these headers on Cloudflare takes about 15 minutes. The AI just never did it.

This is not a Manus problem

This is a category problem.

OWASP's guidance on secure headers notes that AI content generators tend to focus on HTML structure and visible content while ignoring HTTP-layer security configurations that require server-side implementation.

Security headers are invisible. They never appear in a demo. They do not affect whether buttons work or pages load. The AI has no reason to add them.

Lovable acknowledged this gap in March 2026 and partnered with Aikido for $100 pen tests. Bolt.new added security scanning on their premium Teams tier only. Manus is SOC 2 Type 2 and ISO 27001 certified, but those certifications cover the platform, not the sites it builds for you.

Bottom line: If you are using any AI website builder, your site almost certainly has this same problem.

What Manus does well

This is not a hit piece. Manus is genuinely excellent at what it does.

Fast builds. Describe your business in plain language. Manus handles research, content, design, and code in one conversation. The output is polished enough to ship as an MVP.

Clean migration. Preview on their hosted URL, connect GitHub, create a repo with one click. I purchased a domain at Cloudflare, set up auto-deploy from GitHub, and shut down the Manus version. No lock-in. No proprietary format. Just a standard repo.

Accessible pricing. $20/month for 4,000 credits. $40/month for 8,000. $200/month for 40,000. All plans include daily refresh credits, 20 concurrent tasks, and Wide Research. Cheaper than one hour of freelance work.

Solid infrastructure. Cloudflare-backed hosting. Automatic SSL certificates. DDoS protection included.

The foundation is there. The security configuration is not.

What to add before going live

This takes one afternoon.

Cloudflare Pages

Option 1: Static _headers file. Create a public/_headers file in your repo:


/*
  Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests
  X-Frame-Options: DENY
  X-Content-Type-Options: nosniff
  Referrer-Policy: strict-origin-when-cross-origin
  Permissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=()
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  Cross-Origin-Opener-Policy: same-origin

Option 2: Pages Function middleware (recommended). If your CSP needs to vary by route, or if the _headers file is not being applied consistently, use a functions/_middleware.js file instead. This runs on every request and gives you full control:

export async function onRequest(context) {
  const response = await context.next();
  response.headers.set(
    "Content-Security-Policy",
    "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'"
  );
  response.headers.set("X-Frame-Options", "DENY");
  response.headers.set("X-Content-Type-Options", "nosniff");
  response.headers.set("Referrer-Policy", "strict-origin-when-cross-origin");
  response.headers.set(
    "Permissions-Policy",
    "geolocation=(), microphone=(), camera=(), payment=(), usb=()"
  );
  response.headers.set(
    "Strict-Transport-Security",
    "max-age=31536000; includeSubDomains; preload"
  );
  response.headers.set("Cross-Origin-Opener-Policy", "same-origin");
  return response;
}

The middleware approach is more reliable. We use it on vibesecadvisory.com after running into issues with the static _headers file not applying consistently.
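As an added example (not code from the post or from Cloudflare), here is the middleware extended to vary the CSP by route, which Option 2 mentions but does not show. The route list, the /embed/ path and the partner origin are assumptions for illustration.

```javascript
// Added example, not the post's or Cloudflare's code: the post's middleware
// extended so the CSP varies by route while the other headers stay fixed.
// The route list and the "/embed/" path are assumptions for illustration.
const BASELINE_HEADERS = {
  "X-Frame-Options": "DENY",
  "X-Content-Type-Options": "nosniff",
  "Referrer-Policy": "strict-origin-when-cross-origin",
  "Permissions-Policy": "geolocation=(), microphone=(), camera=(), payment=(), usb=()",
  "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
  "Cross-Origin-Opener-Policy": "same-origin",
};

const DEFAULT_CSP =
  "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; " +
  "img-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; " +
  "object-src 'none'; base-uri 'self'";

// Path prefix -> CSP. Loosen only the directive a route needs; here an
// assumed /embed/ widget may be framed by one named partner origin.
const ROUTE_CSP = [
  ["/embed/", DEFAULT_CSP.replace("frame-ancestors 'none'", "frame-ancestors https://partner.example")],
  ["/", DEFAULT_CSP],
];

// Longest matching prefix wins; the "/" entry guarantees a match.
function cspForPath(pathname) {
  let best = ["", DEFAULT_CSP];
  for (const [prefix, csp] of ROUTE_CSP) {
    if (pathname.startsWith(prefix) && prefix.length > best[0].length) best = [prefix, csp];
  }
  return best[1];
}

// Works on any object whose .headers has set/delete (a Response, or a Map in tests).
function applySecurityHeaders(response, pathname) {
  for (const [name, value] of Object.entries(BASELINE_HEADERS)) response.headers.set(name, value);
  const csp = cspForPath(pathname);
  response.headers.set("Content-Security-Policy", csp);
  // Browsers that honour frame-ancestors ignore X-Frame-Options; on a route that may
  // be framed, DENY would block the embed only in clients without frame-ancestors support.
  if (!csp.includes("frame-ancestors 'none'")) response.headers.delete("X-Frame-Options");
  return response;
}

// In functions/_middleware.js this is the exported handler (`export async function onRequest`).
async function onRequest(context) {
  const response = await context.next();
  return applySecurityHeaders(response, new URL(context.request.url).pathname);
}
```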

Vercel

Add to vercel.json:

{
  "headers": [
    {
      "source": "/(.*)",
      "headers": [
        { "key": "X-Frame-Options", "value": "DENY" },
        { "key": "X-Content-Type-Options", "value": "nosniff" },
        {
          "key": "Referrer-Policy",
          "value": "strict-origin-when-cross-origin"
        },
        {
          "key": "Strict-Transport-Security",
          "value": "max-age=31536000; includeSubDomains; preload"
        },
        {
          "key": "Content-Security-Policy",
          "value": "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'"
        },
        {
          "key": "Permissions-Policy",
          "value": "geolocation=(), microphone=(), camera=()"
        }
      ]
    }
  ]
}

Netlify

Create a public/_headers file:

/*
  X-Frame-Options: DENY
  X-Content-Type-Options: nosniff
  Referrer-Policy: strict-origin-when-cross-origin
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'
  Permissions-Policy: geolocation=(), microphone=(), camera=()

Still on Manus hosting?

Your best move: migrate. The GitHub export makes it easy. Create the repo, set up your hosting provider, add headers, and shut down the Manus version.

If you need to stay on Manus temporarily, put Cloudflare in front as a proxy and use Transform Rules to add headers at the edge.

Verify it worked

curl -I https://yourdomain.com

Or scan at securityheaders.com. You should see an A or A+ grade.
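An added example, not from the post: a small script that applies the post's six-header check to a captured `curl -I` response, including the rule from the scan results that an HSTS header received over plain HTTP is ignored. Both captures are constructed.

```javascript
// Added example, not the post's code: grade a captured `curl -I` response the
// way the post's table does, including the caveat that an HSTS header received
// over plain HTTP is ignored by browsers. Both captures below are constructed.
const REQUIRED = ["content-security-policy", "x-frame-options", "x-content-type-options",
  "referrer-policy", "permissions-policy", "strict-transport-security"];

// Parse the status line plus "Name: value" lines into a status code and a
// lower-cased header map (header names are case-insensitive).
function parseCurlHead(raw) {
  const [statusLine, ...lines] = raw.trim().split(/\r?\n/);
  const headers = {};
  for (const line of lines) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status: Number(statusLine.split(/\s+/)[1]), headers };
}

// scheme is the scheme the request was sent with: "http" or "https".
function auditHeaders(raw, scheme) {
  const { status, headers } = parseCurlHead(raw);
  const findings = [];
  const redirectsToHttps =
    status >= 301 && status <= 308 && (headers.location || "").startsWith("https://");
  if (scheme === "http" && !redirectsToHttps) findings.push("no redirect from HTTP to HTTPS");
  for (const name of REQUIRED) if (!(name in headers)) findings.push(`missing ${name}`);
  if (scheme === "http" && "strict-transport-security" in headers) {
    findings.push("strict-transport-security sent over HTTP is ignored by browsers");
  }
  return findings;
}

// Constructed capture shaped like the post's finding: 200 over plain HTTP,
// no redirect, HSTS present and nothing else.
const BEFORE = `HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=31536000`;

// Constructed capture of the same site after deploying a _headers file like the one above.
const AFTER = `HTTP/2 200
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=(), microphone=(), camera=()
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`;

console.log(auditHeaders(BEFORE, "http"));  // seven findings
console.log(auditHeaders(AFTER, "https"));  // []
```

Paste the output of `curl -I http://yourdomain.com` (and then of the https URL) into the capture strings, passing the scheme you actually requested as the second argument.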

Beyond headers

Security headers are the most visible gap, but not the only one. AI-generated sites also commonly ship with:

  • No input validation on forms
  • No rate limiting on submissions
  • No HTTPS enforcement
  • Secrets in client-side code (API keys baked into the JavaScript bundle)
  • Verbose error messages exposing stack traces

If your site collects any user data, review our complete security checklist before going live.

Know what you are signing up for

Manus was built by Butterfly Effect, originally founded in China, now headquartered in Singapore. Meta reportedly acquired the company in December 2025.

The privacy policy (updated December 27, 2025) states that your data, including files, shell commands, generated code, and task execution logs, may be shared with "corporate parent, subsidiaries, and affiliates." That now means Meta.

The platform also shares data with undisclosed third-party AI providers and advertising partners including Google, LinkedIn, and X.

This is not unusual for a SaaS platform at this price point. But if you are building a site that collects customer data, understand the chain. Your code, prompts, and output pass through Manus, Meta, and third-party AI providers.

For prototypes and MVPs? Probably fine. For anything handling sensitive customer data? Worth a closer look.

The bigger picture

Manus is one of the most capable AI website builders available. The build experience is great, the migration path is clean, and the pricing makes it accessible to anyone with an idea. I will keep using it for prototyping.

But "it works" and "it is secure" are different things. The AI builds what you can see. Security headers, input validation, and HTTPS enforcement are invisible. The AI skips them every time.

This is not unique to Manus. It is the state of every AI website builder in 2026. The tool gets you from zero to live faster than anything else. It does not make the site safe for real users.

That part is still on you.

Frequently Asked Questions

Is Manus safe to use for building websites?

Manus is safe as a development tool. The platform is SOC 2 Type 2 and ISO 27001 certified, and each task runs in an isolated sandbox. The concern is with the sites it generates, not the platform itself. Generated sites ship without security headers, input validation, and rate limiting. Use Manus to build. Add security before going live.

What security headers are missing from Manus-built sites?

In our testing, five of six critical headers were missing: Content-Security-Policy (XSS protection), X-Frame-Options (clickjacking protection), X-Content-Type-Options (MIME sniffing protection), Referrer-Policy (URL leakage prevention), and Permissions-Policy (browser feature restriction). HSTS was present but served over HTTP, making it ineffective.

Do Lovable and Bolt have the same problem?

Yes. OWASP documents that AI content generators focus on visible content, not HTTP-layer security. Lovable partnered with Aikido for security testing. Bolt added scanning on premium tiers only. If you use any AI website builder, assume your headers are missing and add them yourself.

How do I migrate my Manus site to my own hosting?

Connect GitHub to Manus and create a repo for your site. Set up your hosting provider (Cloudflare Pages, Vercel, or Netlify) to auto-deploy from that repo. Add security headers using the examples in this post. Shut down the Manus version. The whole process takes about an hour.

Does Manus share my code with Meta?

Yes, potentially. The privacy policy states that data (including generated code, files, and task logs) may be shared with the corporate parent. Since Meta reportedly acquired Manus in December 2025, that now means Meta. For prototypes this is standard SaaS data handling. For sensitive projects, review the full policy at manus.im/privacy.


Manus is a great starting point. Make it a secure one. If you want help reviewing your AI-built site before real users see it, get in touch.
