Security Headers Check

1. HTTPS + Protocol

2. Headers (check browser devtools)

Open F12 → Network → this page → Response Headers and verify:

• strict-transport-security
• x-content-type-options
• x-frame-options
• x-xss-protection
• referrer-policy
• permissions-policy
• server → should be hidden or minimal
• x-powered-by → should be absent

3. Rate limit test