server-bundle.json is available from the browser [issue link] I can access http://127.0.0.1:3000/_nuxt/server-bundle.json Shouldn’t it be inaccessible because it can contain sensitive information? This bug report is available on Nuxt.js community (#c785)