Foundational security assessment covering HTTP security headers, transport security configuration, and basic security hygiene to protect against common web attacks.
21
Total Checks
3
Delivery Formats
3
Categories
5
Versions
Quality hardening: added counting/enumeration to 7 checks (cookies, SRI, CORS, env, dependencies), numeric thresholds for HSTS max-age/dependency age/permissions-policy, expanded 7 short pass criteria with specific conditions, added 4 cross-references to related audits, added quoting instructions to 2 checks (secrets, error pages), added negative guardrails to 3 checks (HSTS, CSP, secrets), added measurement-on-pass to 2 checks (HSTS, dependencies)
2026-04-02
Added Step 3 submission instructions to chunked format; improved Step 3 in full format (paste URL is now primary submission method)
2026-03-01
Adversarial testing improvements: tighten check criteria, fix ambiguous pass/fail boundaries, improve skip criteria cross-references, enhance remediation guidance
2026-02-27
Hardened curl commands with -sS -L flags for redirect following and error visibility. Added response validation guidance to Step 3.
2026-02-23
Initial release
2026-02-20