Case Studies — Real-World HTTP Security Fixes

Case Studies

Platform-specific investigations showing why security headers and CORS configurations fail on specific infrastructure — and exactly how to fix them.

How SharePoint Online Enforces CSP — And How to Work Around It
Microsoft enforced CSP on SharePoint Online in March 2026. Why your SPFx components are blocked and how to fix them.
Why AWS CloudFront Strips Security Headers — And How to Add Them Back
Security headers on your EC2/ECS backend are dropped before reaching the browser. Response Headers Policy and CloudFront Functions are the fix.
CORS on Azure API Management — Complete Configuration
APIM handles CORS via XML policy documents — your backend config is bypassed entirely. Here is the exact policy XML.