Full Security Headers Audit
Complete security headers audit: check all headers, generate missing ones, and evaluate the overall security posture.
When to use this recipe
Quarterly security headers audit for compliance and vulnerability prevention. Covers OWASP recommended headers and ensures they work together cohesively.
Steps
Security Header Checker
Try this tool → Audit existing headers
CSP Generator
Try this tool → Generate missing CSP
CSP Evaluator
Try this tool → Grade the CSP
CORS Generator
Try this tool → Align CORS with CSP
SRI Hash Generator
Try this tool → Add integrity protection
Frequently asked questions
What security grade should I aim for?
A+ on securityheaders.com. Required headers: CSP, HSTS (with preload), X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy.
Can security headers break my site?
Yes, especially CSP. Deploy in report-only mode first. HSTS with preload is permanent — test thoroughly. X-Frame-Options: DENY blocks all iframes including your own embeds.
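The checks from the two answers above can be scripted for a recurring audit. This is an added example, not code from this site's tools: it takes a dict of response headers, reports which of the six required headers are missing, and flags the breakage risks named above. The function name, the note labels and the sample response are constructed for illustration.

```python
# Added example: audit one response's headers against the FAQ's required list.
REQUIRED = [
    "Content-Security-Policy",
    "Strict-Transport-Security",
    "X-Content-Type-Options",
    "X-Frame-Options",
    "Referrer-Policy",
    "Permissions-Policy",
]

def audit_headers(raw_headers):
    """Return (missing, notes) for a dict mapping header name to value."""
    # Header names are case-insensitive, so normalize before comparing.
    headers = {name.lower(): value.strip() for name, value in raw_headers.items()}
    missing = [h for h in REQUIRED if h.lower() not in headers]
    notes = []
    # A report-only policy logs violations but enforces nothing, so it is
    # a rollout stage and does not count as a deployed CSP.
    if ("content-security-policy" not in headers
            and "content-security-policy-report-only" in headers):
        notes.append("csp-report-only")
    hsts = headers.get("strict-transport-security", "")
    if hsts:
        directives = {d.strip().lower() for d in hsts.split(";")}
        if "preload" not in directives:
            notes.append("hsts-no-preload")
    # DENY also blocks the site's own embeds; flag it for a manual check.
    if headers.get("x-frame-options", "").upper() == "DENY":
        notes.append("xfo-deny-blocks-own-embeds")
    # nosniff is the only value defined for X-Content-Type-Options.
    xcto = headers.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        notes.append("xcto-not-nosniff")
    return missing, notes

# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "content-security-policy-report-only": "default-src 'self'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    missing, notes = audit_headers(SAMPLE)
    print("missing:", missing)
    print("notes:", notes)
```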
Related recipes
Secure Password Workflow
Generate a strong password, verify its strength, and hash it for storage — a complete password security pipeline.
Web Security Header Audit
Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.
JWT Authentication Setup
Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.
API Security Hardening
Harden your API with HMAC request signing, secure secrets, and SRI for client-side integrity.