Quick tip for checking your security headers:
curl -sI https://yoursite.com | grep -i 'x-frame\|content-security\|strict-transport\|x-content-type'
If you get no output, you're missing all of them. HSTS is the most important one to add first — it forces HTTPS on all future visits.
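The same check as a per-header report, written as an added example (not part of the original tip): it also tells an enforcing Content-Security-Policy apart from Content-Security-Policy-Report-Only, which the grep above matches too, and flags an HSTS header with max-age=0. The function names and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Reads raw response headers on stdin and prints one line per header the tip
# greps for: "present <name>" or "MISSING <name>".
check_security_headers() {
    headers=$(tr -d '\r')   # HTTP header lines end in CRLF; drop the CR
    for name in strict-transport-security content-security-policy \
                x-frame-options x-content-type-options; do
        # Anchor on the full header name plus colon, so that
        # Content-Security-Policy-Report-Only does not count as an enforcing CSP.
        if printf '%s\n' "$headers" | grep -qi "^$name:"; then
            echo "present $name"
        else
            echo "MISSING $name"
        fi
    done
    # max-age=0 tells the browser to forget the HSTS entry, so the header is
    # present but protects nothing.
    if printf '%s\n' "$headers" | grep -i '^strict-transport-security:' \
        | grep -qiE 'max-age="?0+([^0-9]|$)'; then
        echo "WARNING strict-transport-security max-age is 0"
    fi
}

# Constructed sample response (not from a real site): only HSTS is set.
sample_headers() {
    printf 'HTTP/2 200\r\ncontent-type: text/html\r\n'
    printf 'Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n'
}

sample_headers | check_security_headers
# Against a live site: curl -sI https://yoursite.com | check_security_headers
```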
Want a full breakdown? Run a free check at https://audit.hummusonrails.com/free