Security Headers + Cookie Audit

Scores HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy and Cross-Origin-* headers, plus cookie flags. Emits a paste-ready Netlify _headers block for any gaps.

Audit security headers

Fetches the URL and reads upstream response headers (passed through by our Netlify proxy as X-Resp-*). Scores HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, plus Cross-Origin-* and cache directives. Emits a paste-ready Netlify _headers block to fix gaps.
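A sketch of the audit flow described above, added here as an example and not the tool's own code. The function names, the baseline header values, the 180-day HSTS threshold and the single X-Resp-Set-Cookie value are all assumptions; the CSP value in particular has to be tuned per site.

```javascript
// Added example; baseline values are assumed defaults, not the tool's output.
const BASELINE = [
  ["Strict-Transport-Security", "max-age=31536000; includeSubDomains"],
  ["Content-Security-Policy", "default-src 'self'"],
  ["X-Frame-Options", "DENY"],
  ["X-Content-Type-Options", "nosniff"],
  ["Referrer-Policy", "strict-origin-when-cross-origin"],
  ["Permissions-Policy", "camera=(), microphone=(), geolocation=()"],
  ["Cross-Origin-Opener-Policy", "same-origin"],
];
const MIN_HSTS_AGE = 15552000; // assumed threshold: 180 days, in seconds

// Strip the proxy's X-Resp- prefix; the proxy's own headers are ignored.
function upstreamHeaders(proxied) {
  const out = {};
  for (const [k, v] of Object.entries(proxied)) {
    const m = /^x-resp-(.+)$/i.exec(k);
    if (m) out[m[1].toLowerCase()] = String(v);
  }
  return out;
}
// A header that is present can still be ineffective.
function isWeak(name, value) {
  if (name === "strict-transport-security") {
    const m = /max-age=(\d+)/i.exec(value);
    return !m || Number(m[1]) < MIN_HSTS_AGE;
  }
  return name === "x-content-type-options" && value.trim().toLowerCase() !== "nosniff";
}
// Cookie attributes absent from one Set-Cookie value.
function missingCookieFlags(setCookie) {
  const attrs = setCookie.split(";").slice(1).map((a) => a.trim().toLowerCase());
  return ["secure", "httponly", "samesite"].filter(
    (f) => !attrs.some((a) => a === f || a.startsWith(f + "=")));
}
// Returns header gaps, cookie gaps, and a Netlify _headers block for the gaps.
function audit(proxied) {
  const h = upstreamHeaders(proxied);
  const bad = (n) => h[n] === undefined || isWeak(n, h[n]);
  const gaps = BASELINE.filter(([n]) => bad(n.toLowerCase()));
  const cookieGaps = h["set-cookie"] ? missingCookieFlags(h["set-cookie"]) : [];
  const block = gaps.length ? "/*\n" + gaps.map(([n, v]) => `  ${n}: ${v}`).join("\n") + "\n" : "";
  return { gaps: gaps.map(([n]) => n), cookieGaps, block };
}
// Constructed sample of proxied response headers.
const SAMPLE = { "X-Resp-Strict-Transport-Security": "max-age=300",
  "X-Resp-X-Content-Type-Options": "nosniff", "Content-Type": "text/html",
  "X-Resp-Set-Cookie": "sid=abc123; Path=/; HttpOnly" };
```

For the constructed sample, audit(SAMPLE) reports the short-lived HSTS header alongside the missing headers and flags the cookie for lacking Secure and SameSite.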