dbugd guide

What DBUGD looks for

Each level adds another layer of outside-in checks. Levels 1–2 are live; Levels 3–10 are reserved for deeper reliability and security coverage.

Level 1
Live

Security basics

Headers, clean 200s, entry-level health check.

Plain English
  • Make sure the homepage loads cleanly (no 4xx/5xx).
  • Add the safety headers browsers expect (CSP, HSTS, X-Frame-Options, Referrer-Policy).
  • Don’t serve obvious errors to users or bots.
Dev notes
  • Expect HTTP 200 on root; flag non-200.
  • Check presence of: Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, Referrer-Policy.
  • Label findings by severity; compute score out of 100.
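One way to implement the Level 1 dev notes, as an added example that is not dbugd's own code: the penalty weights, the `Finding` shape, the `probe` helper and the constructed responses are assumptions, since the page only says to label findings by severity and score out of 100. It runs offline against the two constructed responses; `probe` is provided for pointing the same checks at your own site.

```python
"""Level 1 style check: root status plus four security headers, scored out of 100.

Added example with assumed penalty weights; not dbugd's own code.
"""
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Header -> (severity, penalty). Weights are assumptions; the page only says
# "label by severity; compute score out of 100".
REQUIRED_HEADERS = {
    "content-security-policy": ("high", 20),
    "strict-transport-security": ("high", 20),
    "x-frame-options": ("medium", 10),
    "referrer-policy": ("low", 5),
}


@dataclass
class Finding:
    check: str
    severity: str
    penalty: int
    detail: str


def probe(url: str, timeout: float = 10.0) -> Tuple[int, Dict[str, str]]:
    """Fetch url and return (status, headers); an HTTPError still carries both."""
    req = urllib.request.Request(url, headers={"User-Agent": "level1-example"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers.items())
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers.items())


def check_root_status(status: int) -> List[Finding]:
    """Expect HTTP 200 on the root; 4xx/5xx is high, any other non-200 is medium."""
    if status == 200:
        return []
    if status >= 400:
        return [Finding("root-status", "high", 25, f"root returned HTTP {status}")]
    return [Finding("root-status", "medium", 10, f"root returned HTTP {status}, expected 200")]


def check_headers(headers: Dict[str, str]) -> List[Finding]:
    """Case-insensitive presence check; an empty header value counts as missing."""
    present = {k.lower(): v.strip() for k, v in headers.items()}
    out: List[Finding] = []
    for name, (severity, penalty) in REQUIRED_HEADERS.items():
        if not present.get(name):
            out.append(Finding("header-missing", severity, penalty, f"{name} not set"))
    return out


def level1(status: int, headers: Dict[str, str]) -> List[Finding]:
    return check_root_status(status) + check_headers(headers)


def score(findings: List[Finding]) -> int:
    """Score starts at 100 and loses each finding's penalty, floored at 0."""
    return max(0, 100 - sum(f.penalty for f in findings))


# Constructed responses (not captured from a real site).
GOOD = (200, {
    "Content-Security-Policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
})
WEAK = (500, {"X-Frame-Options": "", "Referrer-Policy": "no-referrer"})

if __name__ == "__main__":
    for label, (status, headers) in (("good", GOOD), ("weak", WEAK)):
        findings = level1(status, headers)
        print(label, "score", score(findings))
        for f in findings:
            print(f"  [{f.severity}] {f.check}: {f.detail}")
```

The weak sample scores 25: the 500 on root costs 25, the missing CSP and HSTS 20 each, and the empty X-Frame-Options 10. Treating an empty value as missing matters because some proxies emit the header name with no directive, which gives browsers nothing to enforce.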
Level 2
Live

Sensitive user page protection

HTTPS redirects, cookies, mixed content, CORS, caching, exposed files, referrer policy.

Plain English
  • Force HTTP→HTTPS permanently.
  • Keep login/session cookies secure (Secure, HttpOnly, SameSite).
  • No mixed content (no HTTP scripts/styles/iframes/images on HTTPS).
  • Don’t allow CORS * with credentials.
  • Mark sensitive paths (login/account/checkout) as private/no-store.
  • Don’t expose .env, .git/HEAD, config.php, phpinfo.php, server-status.
  • Set Referrer-Policy so URLs don’t leak.
Dev notes
  • HTTP probe for 301/308 to HTTPS (302/307 = warn; a 200 served over plain HTTP = high severity).
  • Parse Set-Cookie; warn on missing Secure/HttpOnly/SameSite; session-name heuristics.
  • Parse HTML for http:// in script/link/iframe/img (active vs passive mixed content).
  • Flag Access-Control-Allow-Origin: * combined with Access-Control-Allow-Credentials: true (ACAO:* + ACC=true).
  • Sensitive path heuristic: login/signin/account/dashboard/user/checkout/cart/billing; require no-cache/no-store/private.
  • Probe /.env, /.git/HEAD, /config.php, /phpinfo.php, /server-status for 2xx plus content markers that confirm the file is real rather than a catch-all page.
  • Warn if Referrer-Policy missing.
  • Score starts at 100; subtract per finding.
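The Level 2 dev notes above as working check functions, added here as an example and not dbugd's own code. It covers the HTTPS redirect classification, Set-Cookie parsing with the session-name heuristic, active versus passive mixed content, the ACAO/ACC combination, caching on sensitive paths and the Referrer-Policy warning, all run offline against constructed inputs. The penalty weights, the `SESSION_HINTS` list and the function names are assumptions; the exposed-file probe is omitted because it needs a live target.

```python
"""Level 2 style checks against constructed responses (no network). Added example;
weights and heuristics are assumptions, not dbugd's own code."""
from dataclasses import dataclass
from html.parser import HTMLParser
from typing import Dict, List, Optional


@dataclass
class Finding:
    check: str
    severity: str  # high / medium / low
    penalty: int   # assumed weight subtracted from a score that starts at 100
    detail: str


PENALTY = {"high": 20, "medium": 10, "low": 5}
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")   # assumed name heuristic
SENSITIVE_PATHS = ("login", "signin", "account", "dashboard", "user",
                   "checkout", "cart", "billing")


def finding(check: str, severity: str, detail: str) -> Finding:
    return Finding(check, severity, PENALTY[severity], detail)


def check_https_redirect(status: int, location: Optional[str]) -> List[Finding]:
    """Plain-HTTP probe of the root: 301/308 to https passes, 302/307 warns, 200 is high."""
    to_https = bool(location) and location.lower().startswith("https://")
    if status == 200:
        return [finding("https-redirect", "high", "site served over plain HTTP without redirect")]
    if status in (301, 308) and to_https:
        return []
    if status in (302, 307) and to_https:
        return [finding("https-redirect", "medium", f"temporary redirect ({status}); use 301 or 308")]
    return [finding("https-redirect", "medium", f"HTTP {status} with Location={location!r}")]


def check_cookies(set_cookie: List[str]) -> List[Finding]:
    """Parse each Set-Cookie; a session-looking name makes a missing flag high severity."""
    out: List[Finding] = []
    for raw in set_cookie:
        parts = [p.strip() for p in raw.split(";") if p.strip()]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        session = any(h in name.lower() for h in SESSION_HINTS)
        for flag in ("secure", "httponly", "samesite"):
            if flag not in attrs:
                out.append(finding("cookie-flags", "high" if session else "low",
                                   f"cookie {name!r} lacks {flag}"))
    return out


class MixedContentParser(HTMLParser):
    """Collect http:// resources; script/link/iframe are active, img is passive."""
    ACTIVE = {"script": "src", "link": "href", "iframe": "src"}
    PASSIVE = {"img": "src"}

    def __init__(self) -> None:
        super().__init__()
        self.active: List[str] = []
        self.passive: List[str] = []

    def handle_starttag(self, tag, attrs):
        attr = self.ACTIVE.get(tag) or self.PASSIVE.get(tag)
        if not attr:
            return
        url = (dict(attrs).get(attr) or "").strip()
        if url.lower().startswith("http://"):
            (self.active if tag in self.ACTIVE else self.passive).append(url)


def check_mixed_content(html: str) -> List[Finding]:
    parser = MixedContentParser()
    parser.feed(html)
    out = [finding("mixed-content", "high", f"active mixed content: {u}") for u in parser.active]
    out += [finding("mixed-content", "low", f"passive mixed content: {u}") for u in parser.passive]
    return out


def check_cors_and_cache(path: str, headers: Dict[str, str]) -> List[Finding]:
    """ACAO:* with ACC:true, cacheable sensitive paths, and a missing Referrer-Policy."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    out: List[Finding] = []
    if h.get("access-control-allow-origin") == "*" and \
            h.get("access-control-allow-credentials", "").lower() == "true":
        out.append(finding("cors", "high", "ACAO:* combined with ACC:true"))
    if any(s in path.lower() for s in SENSITIVE_PATHS):
        directives = {d.strip().lower() for d in h.get("cache-control", "").split(",")}
        if not directives & {"no-store", "no-cache", "private"}:
            out.append(finding("cache", "high", f"{path} cacheable; require no-store/no-cache/private"))
    if "referrer-policy" not in h:
        out.append(finding("referrer-policy", "low", "Referrer-Policy missing"))
    return out


def score(findings: List[Finding]) -> int:
    return max(0, 100 - sum(f.penalty for f in findings))


# Constructed sample of a weak deployment, assembled inline so the example runs offline.
SAMPLE_HTML = ('<html><script src="http://cdn.example/app.js"></script>'
               '<img src="http://cdn.example/a.png"></html>')
SAMPLE_COOKIES = ["sessionid=abc123; Path=/",
                  "theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax"]
SAMPLE_HEADERS = {"Access-Control-Allow-Origin": "*",
                  "Access-Control-Allow-Credentials": "true",
                  "Cache-Control": "public, max-age=600"}


def audit_sample() -> List[Finding]:
    return (check_https_redirect(302, "https://example.test/")
            + check_cookies(SAMPLE_COOKIES)
            + check_mixed_content(SAMPLE_HTML)
            + check_cors_and_cache("/account", SAMPLE_HEADERS))


if __name__ == "__main__":
    results = audit_sample()
    for f in results:
        print(f"[{f.severity:6}] {f.check}: {f.detail}")
    print("score:", score(results))
```

The sample produces nine findings and a score of 0: the temporary redirect, three missing flags on the session cookie, one active and one passive http:// resource, the credentialed wildcard CORS, a cacheable /account response, and no Referrer-Policy. The `theme` cookie passes, which is why the session-name heuristic matters: the same missing flag is a low-severity note on a preference cookie and a high-severity finding on a session cookie.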
Level 3
Planned

Coming soon

Reserved for deeper checks.

Level 4
Planned

Coming soon

Reserved for deeper checks.

Level 5
Planned

Coming soon

Reserved for deeper checks.

Level 6
Planned

Coming soon

Reserved for deeper checks.

Level 7
Planned

Coming soon

Reserved for deeper checks.

Level 8
Planned

Coming soon

Reserved for deeper checks.

Level 9
Planned

Coming soon

Reserved for deeper checks.

Level 10
Planned

Coming soon

Reserved for deeper checks.