Wexts Shield

Current Guidance

• Includes security headers, strict CORS, CSRF for cookie auth, body limits, request timeouts, route policies, rate limits, concurrency limits, and audit redaction.
• The default memory store is single-process only.
• Network-level DDoS requires Cloudflare, WAF, load balancer controls, or provider protection.