Full Security Headers Audit
Complete security headers audit: check all headers, generate missing ones, and evaluate the overall security posture.
このレシピの使いどころ
Quarterly security headers audit for compliance and vulnerability prevention. Covers OWASP recommended headers and ensures they work together cohesively.
ステップ
Security Header Checker
このツールを試す →Audit existing headers
CSP Generator
このツールを試す →Generate missing CSP
CSP Evaluator
このツールを試す →Grade the CSP
CORS Generator
このツールを試す →Align CORS with CSP
SRI Hash Generator
このツールを試す →Add integrity protection
よくある質問
What security grade should I aim for?
A+ on securityheaders.com. Required headers: CSP, HSTS (with preload), X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy.
Can security headers break my site?
Yes, especially CSP. Deploy in report-only mode first. HSTS with preload is permanent — test thoroughly. X-Frame-Options: DENY blocks all iframes including your own embeds.
関連レシピ
Secure Password Workflow
Generate a strong password, verify its strength, and hash it for storage — a complete password security pipeline.
Web Security Header Audit
Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.
JWT Authentication Setup
Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.
API Security Hardening
Harden your API with HMAC request signing, secure secrets, and SRI for client-side integrity.