Quick tip for checking your security headers:
curl -sSI https://yoursite.com | grep -i 'x-frame\|content-security\|strict-transport\|x-content-type'
If you get no output, you're missing all of them. HSTS is the most important one to add first — it forces HTTPS on all future visits.
Want a full breakdown? Run a free check at https://audit.hummusonrails.com/free
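An added example (not part of the original post) that expands the one-liner above: it follows redirects, inspects only the final response, and lists which of the four headers are missing. The function names and the sample response are constructed for illustration, and a Content-Security-Policy-Report-Only header is deliberately not counted as an enforced CSP.

```shell
#!/bin/sh
# Added example: report which of the four headers are absent from the final response.

# Reads raw response headers on stdin (as printed by `curl -sSIL`) and prints
# one missing header name per line. With -L, curl prints one header block per
# redirect hop; only the last block reflects what the site finally serves.
missing_headers() {
  awk '
    BEGIN { n = split("strict-transport-security content-security-policy x-frame-options x-content-type-options", want, " ") }
    { sub(/\r$/, "") }                      # HTTP/1.1 header lines end in CRLF
    /^HTTP\// { split("", seen); next }     # new response block: forget earlier hops
    {
      i = index($0, ":")
      if (i == 0) next
      # Exact, case-insensitive name match, so the -report-only variant
      # of CSP is not mistaken for an enforced policy.
      seen[tolower(substr($0, 1, i - 1))] = 1
    }
    END { for (k = 1; k <= n; k++) if (!(want[k] in seen)) print want[k] }
  '
}

# Fetch headers from a live site. -sS hides the progress meter but keeps
# errors visible, so a failed request is not read as "all headers missing".
check_site() {
  headers=$(curl -sSIL --max-time 10 "$1") || { echo "request failed: $1" >&2; return 2; }
  missing=$(printf '%s\n' "$headers" | missing_headers)
  if [ -z "$missing" ]; then
    echo "all four headers present"
    return 0
  fi
  printf '%s\n' "$missing" | sed 's/^/missing: /'
  return 1
}

# Constructed sample: a redirect hop followed by the final response.
sample_response() {
  printf "HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.test/\r\nX-Frame-Options: DENY\r\n\r\n"
  printf "HTTP/2 200\r\nstrict-transport-security: max-age=31536000\r\n"
  printf "content-security-policy-report-only: default-src 'self'\r\nx-content-type-options: nosniff\r\n\r\n"
}

if [ $# -gt 0 ]; then
  check_site "$1"
else
  sample_response | missing_headers
fi
```

Run it with a URL as the first argument to check a live site; with no argument it runs against the constructed sample.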
Top comments (2)
am tip: ask Gemini to help with this. I just prompted with: audit.hummusonrails.com/free says jrwren.dev is missing meta description and security headers. write them for me.
That's a great use case! 💯