Secure Defaults
Default to the most secure configuration option
CLAUDE.md
Default to the most secure configuration. CORS should deny by default. Cookies should be HttpOnly, Secure, and SameSite. Permissions should start at zero and be explicitly granted.
Copy this block into your CLAUDE.md or agent config file to enforce it in your workflow.
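
The rule above, as an added Python sketch using only the standard library (it is not part of the original rule block). The function and class names, the origin `https://app.example`, and the choice of `SameSite=Strict` are assumptions made for illustration.

```python
from http.cookies import SimpleCookie

# Deny by default: the allowlist starts empty, so no origin is trusted
# until someone adds it on purpose.
DEFAULT_ALLOWED_ORIGINS = frozenset()


def cors_headers(origin, allowed=DEFAULT_ALLOWED_ORIGINS):
    """Return CORS response headers for a request's Origin header value."""
    headers = {"Vary": "Origin"}  # stop caches reusing a response across origins
    # Exact allowlist match only: never "*" and never a reflected Origin.
    if origin is not None and origin in allowed:
        headers["Access-Control-Allow-Origin"] = origin
    return headers


def set_cookie(name, value, *, http_only=True, secure=True, same_site="Strict"):
    """Build a Set-Cookie value; a caller must opt out of each protection."""
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["path"] = "/"
    if http_only:
        morsel["httponly"] = True   # not readable from page JavaScript
    if secure:
        morsel["secure"] = True     # sent over HTTPS only
    if same_site:
        morsel["samesite"] = same_site
    return morsel.OutputString()


class Permissions:
    """Permission store that starts at zero: nothing is allowed until granted."""

    def __init__(self):
        self._granted = set()

    def grant(self, principal, action):
        self._granted.add((principal, action))

    def allows(self, principal, action):
        # Unknown principals and unknown actions both fall through to False.
        return (principal, action) in self._granted
```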