Rustango docs

Security headers & hardening

CSRF, CSP, HTTPS, rate limiting, lockout.

Layer security_headers (HSTS, X-Frame-Options, nosniff, Referrer-Policy, CSP), csp_nonce (a per-request CSP nonce), ssl_redirect, and host_validation (ALLOWED_HOSTS parity). rate_limit (token bucket) and account_lockout (cache-backed failure counter) defend the authentication endpoints.
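An added illustration of the two auth-endpoint mechanisms named above, a token-bucket rate limiter and a failure counter that locks an account. This is not Rustango's own code; the struct and method names are hypothetical, and time is passed in explicitly (seconds) so the behaviour is deterministic and easy to trace.

```rust
use std::collections::HashMap;

/// Token bucket keyed by client (e.g. source IP). Time is passed in as seconds
/// so the logic is deterministic; real middleware would read a monotonic clock.
pub struct RateLimiter {
    capacity: f64,
    refill_per_sec: f64,
    buckets: HashMap<String, (f64, f64)>, // key -> (tokens, last_seen_secs)
}
impl RateLimiter {
    pub fn new(capacity: u32, refill_per_sec: f64) -> Self {
        Self { capacity: capacity as f64, refill_per_sec, buckets: HashMap::new() }
    }
    /// Consume one token if available; false means "reject with 429".
    pub fn allow(&mut self, key: &str, now: f64) -> bool {
        let (cap, rate) = (self.capacity, self.refill_per_sec);
        let (tokens, last) = self.buckets.entry(key.to_string()).or_insert((cap, now));
        *tokens = (*tokens + (now - *last) * rate).min(cap); // refill since last call
        *last = now;
        if *tokens >= 1.0 { *tokens -= 1.0; true } else { false }
    }
}

/// Failure counter per account: `max_failures` consecutive failures lock the
/// account for `lock_secs`. In production the map would live in a shared cache.
pub struct AccountLockout {
    max_failures: u32,
    lock_secs: f64,
    state: HashMap<String, (u32, f64)>, // user -> (failures, locked_until)
}
impl AccountLockout {
    pub fn new(max_failures: u32, lock_secs: f64) -> Self {
        Self { max_failures, lock_secs, state: HashMap::new() }
    }
    pub fn is_locked(&self, user: &str, now: f64) -> bool {
        self.state.get(user).map_or(false, |&(_, until)| now < until)
    }
    /// Record a failed login; returns true if this failure triggered a lock.
    pub fn record_failure(&mut self, user: &str, now: f64) -> bool {
        let (max, secs) = (self.max_failures, self.lock_secs);
        let e = self.state.entry(user.to_string()).or_insert((0, 0.0));
        e.0 += 1;
        if e.0 >= max { *e = (0, now + secs); true } else { false }
    }
    /// A successful login resets the counter (but does not clear an active lock).
    pub fn record_success(&mut self, user: &str) {
        if let Some(e) = self.state.get_mut(user) { e.0 = 0; }
    }
}
```

Check the limiter before doing any password work and the lockout before comparing credentials, so a locked account costs the server nothing and gives an attacker no timing signal.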

Defense in depth

Combine HTTPS redirect, HSTS, security headers, rate limiting, and lockout; no single layer is sufficient on its own.