388 B
388 B
Security Header Validation Report
Decision
Blocked pending evidence
Static source controls for CSP and related headers passed. Real production responses were not available, so CSP, Referrer-Policy, Permissions-Policy, framing controls, HSTS, CORS, cache headers, and error-page headers remain unverified.
Release impact
Launch remains withheld. No exception is accepted.