Jun 12, 2026
2 min read
How to Fix a Missing Content-Security-Policy Header
A missing CSP is the most common high-impact gap we find. Here's how to add one safely without breaking your site.
csp, headers, xss
Practical, copy-paste fixes for the issues our scanner finds — written for developers, no fluff.
HTTPS alone doesn't stop downgrade attacks. HSTS does. Here's what the header means and how to deploy it safely.
Three small flags turn a leaky cookie into a hardened one. Here's what Secure, HttpOnly and SameSite do and how to set them.
A publicly accessible .git directory can leak your entire source code and its history. Here's how to check and shut it down.
Three DNS records decide whether attackers can send email as your domain. Here's how SPF, DKIM and DMARC fit together and how to set them up.