We extended the same set of browser security headers the API already sends so they now also cover every user-facing page. It's an invisible, behind-the-scenes hardening step — nothing changes in how you use Stela. A routine defense-in-depth improvement: Consistent security headers everywhere — The user-facing pages now send the same standard browser-protection headers that the API has always sent, so both sides of Stela share one security posture. There's nothing for you to do — it's entirely behind the scenes.