Phase 17
Final launch readiness
Feature build complete hone ke baad production me jaane se pehle ye final checks pass karo.
Build pass
Admin panel me matching audit page verify karo.
DB + Storage ready
Admin panel me matching audit page verify karo.
Payments tested
Admin panel me matching audit page verify karo.
Email tested
Admin panel me matching audit page verify karo.
Security baseline
X-Frame-Options
Protects against clickjacking.
Content type nosniff
Reduces MIME confusion risk.
Referrer policy
Controls referrer leakage.
Permissions policy
Blocks camera/mic/geolocation by default.
HTTP-only session cookie
Session token not readable by browser JS.
Password reset token model
Reset flow can store one-time tokens.
Privacy center route
User consent and deletion request flow exists.
Service role not public
Service role key must stay server-only.
Rate limit helper exists
AI/search endpoints can throttle abuse.
Global disclaimer banner
Non-legal-advice warning is visible.