Use when requests involve browser security headers, Content Security Policy (CSP) rollout, XSS risk reduction, clickjacking defenses, asset restrictions, or hardening the client-facing response surface. Design and enforce browser-facing security headers for web applications: CSP, HSTS, frame and embed controls, referrer policy, permissions policy, and related response-hardening decisions.