Security Headers

X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: camera=(), microphone=(), geolocation=()

CSRF Protection

Status: Enabled
Mechanism: SvelteKit built-in CSRF protection via Origin header checking

Trusted Origins

Origin: https://www.v10r.dev

Only requests from these origins are accepted. No wildcards: explicit origins only (a past CVE, CVSS 9.3).
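The exact-match origin check described above, as an added illustration (not the site's code; SvelteKit's own built-in check is what this page reports), with a naive prefix check beside it to show why wildcard or prefix matching is rejected. The trusted origin is the one listed on this page; the sample Origin values are constructed.

```javascript
// Added illustration of an exact-match Origin check for state-changing requests.
// Not the site's code; SvelteKit's built-in check is what the page reports.
const TRUSTED_ORIGINS = new Set(["https://www.v10r.dev"]); // value from the page
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Returns true when the request may proceed, false when it must be rejected (403).
// The Origin is compared by exact string equality: no wildcards, no prefix or suffix matching.
function originAllowed(method, originHeader) {
  if (SAFE_METHODS.has(method.toUpperCase())) return true; // CSRF concerns state changes only
  if (!originHeader) return false; // no Origin on a state-changing request: reject
  let origin;
  try {
    origin = new URL(originHeader).origin; // normalises scheme/host/port, drops any path
  } catch {
    return false; // unparsable or opaque ("null") Origin header
  }
  return TRUSTED_ORIGINS.has(origin);
}

// The weak alternative: a prefix check treats any host that merely starts with
// the trusted origin string as trusted.
function naivePrefixAllowed(originHeader) {
  return [...TRUSTED_ORIGINS].some((t) => originHeader.startsWith(t));
}

// Constructed sample Origin values (not captured traffic).
const samples = [
  "https://www.v10r.dev",         // the trusted origin
  "https://www.v10r.dev.example", // look-alike host under a different registered domain
  "http://www.v10r.dev",          // wrong scheme
  "https://v10r.dev",             // apex domain, not the listed origin
  "null",                         // opaque origin (e.g. sandboxed iframe)
];

// Returns the decision of both checks for each sample so the difference is visible.
function compare() {
  return samples.map((o) => ({
    origin: o,
    exact: originAllowed("POST", o),
    naive: naivePrefixAllowed(o),
  }));
}
```

Only the first sample passes the exact check; the look-alike host also passes the naive prefix check, which is the gap that explicit-origin matching closes.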

Rate Limiting

Built-in: Disabled (broken in Better Auth, see Issue #2153)
External: Upstash Redis rate limiter on /api/auth/sign-in/*

System Info

Better Auth Version: 1.4.6
Measured At: 2026-06-16T14:33:37.655Z
See also the active anti-abuse layers: Captcha, honeypot, per-email rate limits, AI token budget.