ComplianceLite checks the basics — security headers, TLS, privacy policy presence, cookie consent, common misconfigs — and gives you the exact config snippets to fix what's broken. Built for indie SaaS at <$1M ARR.
HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy. We tell you which to add and the exact value.
HTTPS enforcement, redirect loops, mixed content. Catches the basics auditors flag in week one.
Privacy policy, terms, security page, DPA — published or not. Cookie consent presence. GDPR-friendly footer signals.
POST forms without CSP. Login flows over HTTP (yes, still happens). Common XSS sinks.
For each finding, the exact nginx/Caddy/Cloudflare snippet to fix it. Written by Claude, reviewed by a human.
Daily on Growth/Pro. Slack alert on regressions. CSV export.