CSP, X-Frame-Options, and more applied automatically to all responses.
Web applications are vulnerable to XSS, clickjacking, and data leaks.
Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy applied to all responses via proxy.