We know the Roblox community is full of malware. Here is exactly how RBX SCAN works, and how you can verify our safety yourself.
Your scans are never logged on our servers. We do not track, collect, or store your IP address, timestamps, usernames, or scan history. Everything stays 100% local to your browser.
All communication between your browser, our API proxy, and Roblox's APIs is safely encrypted via HTTPS. Our proxy connection is secure and utilizes absolutely zero cookies or trackers.
RBX SCAN contains zero analytics, zero ads, and zero third-party tracking. We have no idea who you are or what you scan - and we prefer it that way.
When verifying your license, we securely contact Gumroad's official, trusted API to confirm validity. Once verified, your key is stored locally in your browser and is never sent to our servers again.
RBX SCAN operates completely passively by reading public server data. We never modify Roblox.com, alter your game client, or inject scripts into your account.
Because we collect no personal data, you are always in full control. If you want to permanently delete your data, simply clear your browser's local storage.
Trust is earned. We are proud to report zero known security breaches or vulnerabilities since our launch.
Security is our top priority. If you discover a vulnerability or security issue, please reach out directly. Email us at [email protected] or DM @rbxtools on Discord.
Google Chrome physically restricts what an extension can do via the manifest.json file. If you look at our extension's required permissions, you will see that the "cookies" permission is completely absent. Because we never ask for it, Chrome's security sandbox physically blocks our software from even attempting to access your login session.
A "beam" script or cookie logger MUST send your stolen data to a hacker's server (usually a Discord webhook) for it to work. Network traffic cannot be hidden from your browser.
Don't trust us? Trust your browser. Press F12 to open Developer Tools, go to the Network tab, and run a scan. You will see requests going straight to official roblox.com endpoints to find the server, and absolutely ZERO background requests, ZERO webhooks, and ZERO data transfers going to unknown third-party servers.
Even if a malicious script somehow bypassed Chrome's permissions, it still couldn't steal your account. Roblox secures your .ROBLOSECURITY cookie with an HttpOnly flag. This is a strict web standard that makes the cookie 100% invisible to client-side JavaScript. RBX SCAN cannot steal what it literally cannot see.