Security Headers

X-Frame-Options DENY
X-Content-Type-Options nosniff
Referrer-Policy strict-origin-when-cross-origin
Permissions-Policy camera=(), microphone=(), geolocation=()
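The header policy above, applied and audited in code. This is an added example, not the v10r.dev site's own hooks.server.js: it uses the SvelteKit `handle({ event, resolve })` hook shape to stamp the four headers onto every response, and adds a small `auditSecurityHeaders` checker that reports any header that is missing or differs from the policy, which is the check you would run against a live response. `fakeResolve` is a constructed stand-in for SvelteKit's `resolve`.

```javascript
// Added example: a SvelteKit-style `handle` hook that applies the header
// policy shown on this page, plus an auditor for any Response against it.
// Illustrative code, not the site's own hooks.server.js.

// The policy listed on this page, as exact expected values. Header names are
// case-insensitive and the Headers API normalises them, so lower-case keys.
const SECURITY_HEADERS = {
  'x-frame-options': 'DENY',
  'x-content-type-options': 'nosniff',
  'referrer-policy': 'strict-origin-when-cross-origin',
  'permissions-policy': 'camera=(), microphone=(), geolocation=()',
};

// SvelteKit hooks.server.js shape: handle({ event, resolve }).
// resolve() produces the route's Response; headers are set before it is sent.
async function handle({ event, resolve }) {
  const response = await resolve(event);
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) {
    response.headers.set(name, value);
  }
  return response;
}

// Audit a Response: list every policy header that is missing or carries a
// value other than the expected one. An empty list means the policy holds.
function auditSecurityHeaders(response) {
  const findings = [];
  for (const [name, expected] of Object.entries(SECURITY_HEADERS)) {
    const actual = response.headers.get(name);
    if (actual === null) {
      findings.push(`${name}: missing`);
    } else if (actual !== expected) {
      findings.push(`${name}: got "${actual}", expected "${expected}"`);
    }
  }
  return findings;
}

// Constructed stand-in for SvelteKit's resolve(): a bare HTML response with
// no security headers, as a route handler would return it.
async function fakeResolve(_event) {
  return new Response('<h1>ok</h1>', { headers: { 'content-type': 'text/html' } });
}

// Audit the bare response, then the same route wrapped by the hook.
async function demo() {
  const bare = await fakeResolve({});
  const before = auditSecurityHeaders(bare);
  const hardened = await handle({ event: {}, resolve: fakeResolve });
  const after = auditSecurityHeaders(hardened);
  return { before, after };
}
```

Running `demo()` reports four findings for the bare response and none once the hook has run. `auditSecurityHeaders` is also useful on its own against a `fetch()` of the production origin, which catches a CDN or proxy rewriting a header after the app has set it.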

CSRF Protection

Status Enabled
Mechanism SvelteKit built-in CSRF protection via Origin header checking (SvelteKit rejects POST, PUT, PATCH and DELETE requests with a form content type whose Origin header does not match the site's origin)

Trusted Origins

Origin https://www.v10r.dev

Only requests from these origins are accepted. No wildcards: explicit origins only, compared as the full origin (scheme, host and port), prompted by a past CVE rated CVSS 9.3.
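What "explicit origins only" means in code, as an added example rather than SvelteKit's or Better Auth's own implementation. `validateTrustedOrigins` refuses wildcard or non-origin entries at startup, `isTrustedOrigin` parses the header and compares the whole origin, and `isTrustedOriginLax` is a deliberately weak prefix matcher kept only to show what a wildcard-style rule lets through. `csrfAllows` takes a constructed `{ method, headers: Map }` stand-in rather than a real Request so it runs without a server; the allow list is the one shown on this page.

```javascript
// Added example, not SvelteKit's or Better Auth's own implementation: exact
// Origin matching against an explicit allow list, beside a lax prefix matcher
// that shows what a wildcard or "starts with our domain" rule accepts.

// The allow list shown on this page. Entries must be bare origins
// (scheme://host[:port]) with no path, no trailing slash and no wildcard.
const TRUSTED_ORIGINS = ['https://www.v10r.dev'];

// Fail at startup on a misconfigured entry rather than silently widening the
// allow list at request time.
function validateTrustedOrigins(list) {
  return list.map((entry) => {
    if (entry.includes('*')) throw new Error(`wildcard not allowed: ${entry}`);
    const origin = new URL(entry).origin; // throws on anything unparsable
    if (origin !== entry) throw new Error(`not a bare origin: ${entry}`);
    return origin;
  });
}

// Parse the header, then compare the whole origin (scheme, host and port).
// A missing header, the literal "null" (sandboxed iframes, some redirects)
// and anything unparsable are all rejected.
function isTrustedOrigin(originHeader, trusted) {
  if (typeof originHeader !== 'string' || originHeader === 'null') return false;
  let origin;
  try {
    origin = new URL(originHeader).origin;
  } catch {
    return false;
  }
  return trusted.includes(origin);
}

// Lax matcher kept only for contrast: a prefix test accepts
// https://www.v10r.dev.evil.com because it starts with the trusted string.
function isTrustedOriginLax(originHeader, trusted) {
  return typeof originHeader === 'string' && trusted.some((t) => originHeader.startsWith(t));
}

// Apply the check the way a CSRF guard does: safe methods pass, every
// state-changing method must carry a trusted Origin. `request` is a
// constructed stand-in of shape { method, headers: Map }, not a real Request.
function csrfAllows(request, trusted) {
  const method = request.method.toUpperCase();
  if (method === 'GET' || method === 'HEAD' || method === 'OPTIONS') return true;
  return isTrustedOrigin(request.headers.get('origin'), trusted);
}
```

The scheme and port are part of the comparison on purpose: `http://www.v10r.dev` and `https://www.v10r.dev:8443` are different origins from the trusted one and are refused, while `https://www.v10r.dev:443` normalises to the trusted origin and is accepted.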

Rate Limiting

Built-in Disabled (broken in Better Auth — Issue #2153)
External Upstash Redis rate limiter on /api/auth/sign-in/*
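The scoping and keying logic of an external limiter on `/api/auth/sign-in/*`, as an added example rather than the site's Upstash code. An in-memory sliding-window log stands in for Upstash Redis (in Redis the same shape is a sorted set per key: add the timestamp, trim entries older than the window, count), `clientKey` derives the bucket from `X-Forwarded-For` under the stated assumption that a trusted proxy appends the client address, and the limit of 5 attempts per minute is illustrative; the page does not state the configured values.

```javascript
// Added example, not the site's Upstash rate limiter: path scoping, client
// keying and a sliding-window check for /api/auth/sign-in/*. The Map-backed
// store stands in for Upstash Redis; limit and window values are assumed.

const SIGN_IN_PREFIX = '/api/auth/sign-in/';
const LIMIT = 5;           // attempts per window (assumed, not from the page)
const WINDOW_MS = 60_000;  // one minute (assumed, not from the page)

// Only the sign-in routes are limited; every other path is untouched.
function isRateLimitedPath(pathname) {
  return pathname.startsWith(SIGN_IN_PREFIX);
}

// Sliding-window log per key. In Redis: ZADD now, ZREMRANGEBYSCORE below the
// cutoff, ZCARD; here an array of timestamps per key in a Map.
function createLimiter({ limit = LIMIT, windowMs = WINDOW_MS } = {}) {
  const store = new Map();
  return {
    // Record one attempt for `key` at time `now`; returns the decision.
    hit(key, now = Date.now()) {
      const cutoff = now - windowMs;
      const hits = (store.get(key) || []).filter((t) => t > cutoff);
      if (hits.length >= limit) {
        store.set(key, hits);
        return { allowed: false, remaining: 0, retryAfterMs: hits[0] + windowMs - now };
      }
      hits.push(now);
      store.set(key, hits);
      return { allowed: true, remaining: limit - hits.length, retryAfterMs: 0 };
    },
  };
}

// Bucket key. X-Forwarded-For is only honoured when a trusted proxy is
// assumed to append the real client address as its last element; trusting
// the first element lets the client choose its own bucket.
function clientKey(headers, behindTrustedProxy) {
  const xff = behindTrustedProxy ? headers.get('x-forwarded-for') : null;
  let ip = headers.get('x-real-ip') || 'unknown';
  if (xff) {
    const parts = xff.split(',').map((p) => p.trim()).filter(Boolean);
    ip = parts[parts.length - 1];
  }
  return `signin:${ip}`;
}

// Decide for one request described as { pathname, headers: Map, now }.
// Over the limit yields 429 with a Retry-After in whole seconds.
function rateLimit(limiter, { pathname, headers, now }, behindTrustedProxy = true) {
  if (!isRateLimitedPath(pathname)) return { status: 200 };
  const result = limiter.hit(clientKey(headers, behindTrustedProxy), now);
  if (result.allowed) return { status: 200, remaining: result.remaining };
  return { status: 429, retryAfter: Math.ceil(result.retryAfterMs / 1000) };
}
```

Keying by IP is the usual first cut; for sign-in specifically, a second bucket keyed by the submitted identifier (email or username) catches password spraying spread across many source addresses, which a pure per-IP limit does not.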

System Info

Better Auth Version 1.4.6
Measured At 2026-05-02T09:38:42.244Z