How to Add a Security Scanner to ChatGPT Codex with MCP

ChatGPT Codex builds features. It does not configure security. Connecting SiteSecurityScore via the Model Context Protocol gives Codex, Cursor, and Windsurf the ability to scan your deployed site and fix what it finds, all in the same session where it wrote the code.

SiteSecurityScore Team·10 min read·Updated Apr 30, 2026

ChatGPT Codex is OpenAI's cloud coding agent that can read repositories, write code, and run tests autonomously. Like every other AI coding environment, it is exceptionally good at building features. What it does not do by default is add the security configuration that protects those features once they are live.

The Model Context Protocol (MCP) changes this. By connecting an external security scanner to Codex, you give it the ability to scan a deployed site, read the security findings, and write the code to fix them, all in the same session where it built the features. This article shows how to wire SiteSecurityScore into Codex and, along the way, into Cursor and Windsurf, which share the same MCP configuration format.

By the end you will have a working setup where "scan this site for security issues" is a one-sentence prompt that returns a graded report and suggested fixes, directly inside your AI coding tool of choice.

MCP in ChatGPT Codex

The Model Context Protocol (an open standard created by Anthropic that specifies how AI assistants communicate with external tools) is now supported across multiple AI coding environments, including ChatGPT Codex, Cursor, Windsurf, and Claude Code. Rather than each tool building its own plugin system, they all speak the same protocol, which means a tool configured once works everywhere.

In Codex, MCP works through a configuration file. You define one or more tool servers, and when Codex starts a session it discovers which tools are available. From that point, you invoke them in natural language. Saying "check the security of this URL" becomes a tool call to the scanner. The result comes back as structured text inside the session, and Codex can read it and act on it.

The underlying architecture is straightforward. Codex sends a JSON-RPC request to the MCP server URL you configured. The server at sitesecurityscore.com/mcp authenticates the request using your API key, runs a full security scan against the target URL, and returns a plain-text report. Codex reads that report and uses it as context for generating fix code. No browser extension, no copy-pasting between windows, no switching tabs.

How the MCP scan flow works

  1. Codex / Cursor / Windsurf: sends JSON-RPC request
  2. MCP server: sitesecurityscore.com/mcp
  3. Security scan: headers, DNS, TLS, CSP
  4. Structured report: Codex reads and fixes

The protocol uses a tool called scan_site. When you ask Codex to scan a URL, it calls this tool with the target URL as a parameter. Everything else is automatic.
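
The tool call described above, written out as JSON-RPC messages. This is an added example, not code from SiteSecurityScore or OpenAI: the tools/call method and result shape follow the MCP specification, the scan_site tool and its url parameter come from this page, and the response is constructed. Session setup and the HTTP transport are left out.

```javascript
// Added example: message shapes follow the MCP specification's tools/call
// method; the response below is constructed, not captured from the server.

// Build the JSON-RPC 2.0 request a client sends to invoke scan_site.
function buildScanRequest(id, targetUrl) {
  const { protocol } = new URL(targetUrl); // throws on malformed input
  if (protocol !== 'https:' && protocol !== 'http:') {
    throw new Error(`unsupported scheme: ${protocol}`);
  }
  return {
    jsonrpc: '2.0',
    id,
    method: 'tools/call',
    params: { name: 'scan_site', arguments: { url: targetUrl } },
  };
}

// Return the report text from a tools/call response, surfacing protocol
// errors (error member) and tool failures (result.isError) as exceptions.
function extractReport(request, response) {
  if (response.jsonrpc !== '2.0' || response.id !== request.id) {
    throw new Error('response does not match request');
  }
  if (response.error) {
    throw new Error(`JSON-RPC error ${response.error.code}: ${response.error.message}`);
  }
  const text = (response.result.content || [])
    .filter((part) => part.type === 'text')
    .map((part) => part.text)
    .join('\n');
  if (response.result.isError) throw new Error(`scan_site failed: ${text}`);
  return text;
}

// Constructed sample exchange.
const sampleRequest = buildScanRequest(1, 'https://myproject.vercel.app');
const sampleResponse = {
  jsonrpc: '2.0',
  id: 1,
  result: {
    content: [{ type: 'text', text: 'Security scan: https://myproject.vercel.app\nGrade: D' }],
    isError: false,
  },
};
console.log(JSON.stringify(sampleRequest));
console.log(extractReport(sampleRequest, sampleResponse));
```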

The security gap in AI-generated code

AI coding agents like Codex write code that works. They produce React components, Express routes, database queries, and deployment configs. What they do not produce by default is the server configuration that controls how browsers interact with the app once it is live.

A few specific gaps come up consistently. Content Security Policy (a response header that tells the browser which sources of scripts, images, and styles are permitted to load) is rarely set. HSTS (a header that instructs browsers to always use HTTPS for a domain, preventing protocol downgrade attacks) is missing. CORS configuration (headers that control which origins can make API requests to your server) is often set too permissively. DMARC (a DNS record that tells mail servers how to handle email that fails sender authentication) is absent, leaving your domain open to spoofing.

These are not coding errors. They are missing configuration that sits outside the typical feature-building loop. Codex writes the app; nobody told it to also configure the security layer. The result is that most AI-built apps launch with working features and no security posture. A full scan typically surfaces four to eight issues in a freshly generated app, all of them fixable in under an hour.

Deploying without scanning is deploying without testing

Security configuration is testable and verifiable. Shipping a site without running a security scan is the same mistake as shipping code without running a test suite. The MCP connector puts the scan one prompt away, inside the same tool you used to build the app.

Adding the MCP scanner closes this gap naturally. Codex can notice missing configuration in the same session where it builds features, without context switching, without a separate tool, and without you needing to know the exact headers required before you ask.

For more on why vibe-coded and AI-generated apps have particular security exposure, see How to Scan Your Vibe Coded App for Security Issues.

Installing the connector

Setup takes three steps. You create an account, generate an API key, and add one JSON block to your Codex configuration. There is nothing to install locally.

1. Create an account and get an API key

  • Go to sitesecurityscore.com and sign up for a free account.
  • Navigate to the API Keys page in your account settings.
  • Click "Generate new key." Your key starts with sss_ and gives you access to the MCP endpoint.
  • Copy the key immediately. It is only shown once in full.

2. Add the MCP server to Codex

ChatGPT Codex reads MCP configuration from a JSON file. The exact file path depends on your Codex environment. Check your Codex environment settings or OpenAI documentation for where to place the config file in your specific setup. The content is the same regardless of location.

MCP configuration (Codex)
{
  "mcpServers": {
    "sitesecurityscore": {
      "url": "https://www.sitesecurityscore.com/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}

Replace YOUR_API_KEY with the key you just generated. That is the only value you need to change.

3. Verify the connection

  • Start a new Codex session after saving the config file.
  • Ask: "What tools do you have available?" Codex should list scan_site among the available tools.
  • If the tool does not appear, verify the config file path is correct and restart the session.

Keep your API key out of version control

If your MCP config file lives inside a project directory, add it to .gitignore before committing. For team environments, store the API key in an environment variable and reference it from the config rather than hardcoding it in the file.

Running your first scan

The scanner checks your live, deployed site rather than your local code. Before running a scan, deploy your app to any hosting platform: Vercel, Netlify, Railway, Render, or any other host that gives you a public URL. Then bring that URL back to Codex.

Here is a complete example of what a session looks like from the first prompt through to a grade result.

You

Scan https://myproject.vercel.app for security vulnerabilities

Calling tool: scan_site({ "url": "https://myproject.vercel.app" })

Tool result: scan_site
Security scan: https://myproject.vercel.app
Grade: D

PASSING
  Transport Security      HTTPS enforced, valid certificate

NEEDS ATTENTION
  Content Security Policy
    [HIGH]  No Content Security Policy header.
           Fix: Add: Content-Security-Policy: default-src 'self'

  Security Headers
    [MEDIUM]  X-Content-Type-Options not set to nosniff.
           Fix: Add: X-Content-Type-Options: nosniff

  Clickjacking Protection
    [MEDIUM]  No clickjacking protection.
           Fix: Add: Content-Security-Policy: frame-ancestors 'none'

  Information Hygiene
    [LOW]  Referrer-Policy not set.
           Fix: Add: Referrer-Policy: strict-origin-when-cross-origin

  DNS / Email Security
    [HIGH]  No DMARC record.
           Fix: Add TXT record: v=DMARC1; p=reject; rua=mailto:security@yourdomain.com

5 issues require attention. Full report: sitesecurityscore.com/sitescan/myproject.vercel.app

AI

Your site is currently graded D, meaning it has significant security gaps. The two HIGH severity issues are missing a Content Security Policy and a missing DMARC record. I found three more MEDIUM and LOW issues as well. I can fix the header issues in your server config and give you the DNS record to add for DMARC. Want me to proceed?

A grade of D means the site has real issues that would be exploitable or would fail a basic security review. The scan covered HTTP security headers, Content Security Policy directives, TLS and HTTPS configuration, DNS email authentication (SPF, DKIM, DMARC), cookie security flags, and information disclosure through response headers. Each finding includes the specific header or record that is missing and the exact value to set.

Implementing the fixes

After the scan, you can ask Codex to apply the fixes directly. Telling it your framework gives it the context to write the right code for your stack.

You

Fix all the HIGH and MEDIUM issues. I'm using Next.js.

Codex produces a next.config.js update that applies all the missing headers across every route:

next.config.js
/** @type {import('next').NextConfig} */
const nextConfig = {
  async headers() {
    return [
      {
        source: '/(.*)',
        headers: [
          {
            key: 'Content-Security-Policy',
            value: [
              "default-src 'self'",
              "script-src 'self' 'unsafe-inline'",
              "style-src 'self' 'unsafe-inline'",
              "img-src 'self' data: https:",
              "font-src 'self'",
              "connect-src 'self'",
              "frame-ancestors 'none'",
              "object-src 'none'",
              "base-uri 'self'",
            ].join('; '),
          },
          { key: 'X-Content-Type-Options', value: 'nosniff' },
          { key: 'X-Frame-Options', value: 'DENY' },
          { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
          { key: 'Permissions-Policy', value: 'camera=(), microphone=(), geolocation=()' },
        ],
      },
    ];
  },
};

module.exports = nextConfig;

For Express or Node.js backends, Codex uses the helmet package to apply the same coverage:

Express / Node.js (helmet)
import express from 'express';
import helmet from 'helmet';

const app = express();

// Apply security headers to all routes
app.use(helmet({
  contentSecurityPolicy: {
    directives: {
      defaultSrc: ["'self'"],
      scriptSrc: ["'self'", "'unsafe-inline'"],
      styleSrc: ["'self'", "'unsafe-inline'"],
      imgSrc: ["'self'", "data:", "https:"],
      connectSrc: ["'self'"],
      fontSrc: ["'self'"],
      objectSrc: ["'none'"],
      frameAncestors: ["'none'"],
      baseUri: ["'self'"],
    },
  },
  referrerPolicy: { policy: 'strict-origin-when-cross-origin' },
}));

Once you deploy the changes, run a second scan to confirm the fixes landed correctly.

You

Now scan again and verify the fixes worked.

Calling tool: scan_site({ "url": "https://myproject.vercel.app" })

AI
Grade improved from D to B

All HIGH and MEDIUM header issues are now resolved. The remaining item is the DMARC DNS record, which requires a change at your DNS provider. I can give you the exact TXT record to add whenever you are ready.

The loop of scan, fix, redeploy, re-scan takes about ten minutes for a typical app. Every step happens inside the same Codex session with no context switching.
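
Before redeploying, the header set can be checked locally against the header findings the sample report listed. The following is an added example, not the scanner's own logic: auditHeaders and parseCsp are hypothetical helpers, the input is constructed from the next.config.js example, and the 'unsafe-inline' check goes beyond the findings shown in the sample report.

```javascript
// Added example, not SiteSecurityScore's logic: check a response's headers
// for the header findings listed in the sample scan report on this page.

// Parse a CSP value into { directive: [sources] }; first occurrence wins.
function parseCsp(value) {
  const directives = Object.create(null);
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in directives)) directives[key] = sources;
  }
  return directives;
}

// headers: plain object of response headers, names in any case.
function auditHeaders(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const csp = h['content-security-policy'] ? parseCsp(h['content-security-policy']) : null;
  const findings = [];
  if (!csp) findings.push('No Content Security Policy header');
  if ((h['x-content-type-options'] || '').trim().toLowerCase() !== 'nosniff') {
    findings.push('X-Content-Type-Options not set to nosniff');
  }
  if (!(csp && csp['frame-ancestors']) && !h['x-frame-options']) {
    findings.push('No clickjacking protection');
  }
  if (!h['referrer-policy']) findings.push('Referrer-Policy not set');
  // Not in the sample report: 'unsafe-inline' in the effective script policy
  // lets injected inline scripts run unless a nonce or hash overrides it.
  const scriptSrc = csp ? csp['script-src'] || csp['default-src'] || [] : [];
  const hasNonceOrHash = scriptSrc.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
  if (scriptSrc.includes("'unsafe-inline'") && !hasNonceOrHash) {
    findings.push("script-src allows 'unsafe-inline'");
  }
  return findings;
}

// Constructed input: header values from the next.config.js example above.
const fixedHeaders = {
  'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-inline'; " +
    "style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; object-src 'none'",
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
};
console.log(auditHeaders(fixedHeaders));
console.log(auditHeaders({}));
```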

Setup for Cursor, Windsurf, Lovable, and Replit

All of these tools support remote MCP servers over HTTP. Cursor and Windsurf use a JSON config file; Lovable and Replit configure the server through a UI form. The MCP endpoint and API key are the same regardless of tool.

Cursor

Cursor reads global MCP configuration from ~/.cursor/mcp.json. Create or edit that file:

~/.cursor/mcp.json
{
  "mcpServers": {
    "sitesecurityscore": {
      "url": "https://www.sitesecurityscore.com/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}

After saving the file, restart Cursor. The scan_site tool appears in Cursor's agent mode. Note that MCP tools are available in agent mode (the Composer with "agent" selected), not in the standard chat panel.

Windsurf

Windsurf follows the same pattern. Place the identical JSON block in ~/.windsurf/mcp.json and restart the application. The Cascade agent in Windsurf picks up the tool automatically.

Once configured in any of these tools, the prompts are the same: "Scan [URL] for security issues" to get the report, and "Fix the findings you found" to generate the remediation code.

MCP setup by tool

  • Claude Code: .mcp.json (project root, or use claude mcp add CLI for global scope)
  • Cursor: ~/.cursor/mcp.json (global, applies to all projects)
  • Windsurf: ~/.windsurf/mcp.json (global, applies to all projects)
  • ChatGPT Codex: per-environment config (check Codex environment settings)
  • Lovable: Connectors → Chat connectors (add server URL + Bearer token in UI)
  • Replit: Integrations → MCP Servers (add server URL + Authorization header in UI)

Lovable

Lovable supports remote MCP servers through its web interface. Open your project, go to Connectors in the sidebar, then Chat connectors, and click New MCP server. Set the server URL to https://www.sitesecurityscore.com/mcp, choose Bearer token or API key as the auth type, and paste in your key. Once saved, Lovable's AI can call scan_site directly when you ask it to check your deployed site.

Replit

Replit Agent supports remote MCP servers through the Integrations pane. Click Integrations in the sidebar, find MCP Servers for Replit Agent, and click Add MCP server. Set the server URL to https://www.sitesecurityscore.com/mcp and add a custom header with key Authorization and value Bearer YOUR_API_KEY. Click Test & Save and the scanner tool becomes available to Replit Agent.

If you use Claude Code, the setup and workflow are covered in detail in How to Add a Security Scanner to Claude Code with MCP. The same API key works across all tools.

Frequently asked questions

Does ChatGPT Codex support MCP natively?

ChatGPT Codex's MCP support depends on the version and environment you are using. As of April 2026, Codex in the ChatGPT web interface and the API supports MCP through tool definitions. Check OpenAI's current documentation for the exact configuration format, as it may differ from the example shown here. The MCP endpoint at sitesecurityscore.com/mcp follows the standard MCP specification and works with any compliant client.

Can I use the same API key for multiple AI tools?

Yes. Your SiteSecurityScore API key works with any MCP-compatible client. You can use the same key in Codex, Cursor, Claude Code, and Windsurf simultaneously. Each scan uses one of your monthly scan credits regardless of which tool initiated it.

What if the scan reports issues that don't apply to my app?

Some findings are informational rather than critical. For example, DNSSEC is flagged as LOW severity because not all DNS providers support it easily. Focus on HIGH and MEDIUM severity issues first. You can ask your AI assistant to explain any finding in more detail and assess whether it applies to your specific stack.

How often should I scan during development?

Scan at three key moments: when you first deploy, after any deployment that changes server configuration, and before any public launch or marketing push. For actively developed apps, a weekly scan catches regressions early. The MCP connector makes this easy. It takes one sentence to initiate a scan from inside your coding session.

The scan shows issues I already know about. Can I suppress them?

The current scan shows all findings every time. If you're tracking known issues, you can ask your AI assistant to compare two scan results and flag only new findings. Scheduled monitoring through SiteSecurityScore will alert you when the security posture of a site changes, which is useful for tracking regressions over time.
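
One way to do that comparison outside the chat session, which also turns the plain-text report shown under Running your first scan into structured findings. This is an added example, not part of the SiteSecurityScore API: the parser assumes the report layout matches the sample on this page, parseReport and newFindings are hypothetical names, and both reports are constructed.

```javascript
// Added example: report layout assumed from this page's sample; inputs constructed.
function parseReport(text) {
  const report = { grade: null, findings: [] };
  let section = null, category = null;
  for (const line of text.split('\n')) {
    let m;
    if ((m = line.match(/^Grade:\s*(\S+)/))) {
      report.grade = m[1];
    } else if (/^[A-Z][A-Z ]+$/.test(line)) {
      section = line.trim(); // e.g. PASSING, NEEDS ATTENTION
      category = null;
    } else if ((m = line.match(/^\s+\[(HIGH|MEDIUM|LOW)\]\s+(.+)$/))) {
      report.findings.push({ category, severity: m[1], message: m[2].trim(), fix: null });
    } else if ((m = line.match(/^\s+Fix:\s*(.+)$/)) && report.findings.length) {
      report.findings[report.findings.length - 1].fix = m[1].trim();
    } else if (section === 'NEEDS ATTENTION' && /^ {2}\S/.test(line)) {
      category = line.trim(); // two-space indent: a category heading
    }
  }
  return report;
}

// Findings in `current` that are absent from `baseline`, highest severity first.
function newFindings(baseline, current) {
  const rank = { HIGH: 0, MEDIUM: 1, LOW: 2 };
  const key = (f) => `${f.category}|${f.message}`;
  const known = new Set(baseline.findings.map(key));
  return current.findings
    .filter((f) => !known.has(key(f)))
    .sort((a, b) => rank[a.severity] - rank[b.severity]);
}

const baselineText = [
  'Security scan: https://myproject.vercel.app',
  'Grade: B',
  'NEEDS ATTENTION',
  '  DNS / Email Security',
  '    [HIGH]  No DMARC record.',
  '           Fix: Add TXT record: v=DMARC1; p=reject; rua=mailto:security@yourdomain.com',
].join('\n');
// Constructed regression: a later deploy dropped two headers.
const currentText = baselineText.replace('Grade: B', 'Grade: D') + '\n' + [
  '  Information Hygiene',
  '    [LOW]  Referrer-Policy not set.',
  '  Content Security Policy',
  '    [HIGH]  No Content Security Policy header.',
].join('\n');
const regressions = newFindings(parseReport(baselineText), parseReport(currentText));
console.log(regressions.map((f) => `${f.severity} ${f.category}: ${f.message}`));
```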


Add a security scanner to your AI coding tool

Get an API key, paste one JSON config, and your next Codex or Cursor session can scan and fix your site's security.