Security · Security Headers & LGPD

A secure website is the exception in the market. Yours should be the rule.

1 in 3 websites has no basic protection at all. Is yours in that group?

Painel de segurança com security headers, nota A+ e camadas de proteção do site
[ The problem ]

Most websites fail at the basics.

What's at stake

Security isn't just “not getting hacked”. It's a credibility signal - to the customer, to the browser and, now, to the ANPD.

Why most fail

Most websites fail at the basics: they run without Security Headers, with outdated CMS and plugins, exposing data and reputation.

[ Typical vs. Inodus ]

The same site, two different foundations.

Security Headers
Comumgrade F / none
InodusA/A+ (HSTS, CSP, X-Frame, etc.)
HTTPS / TLS
Comumbasic or misconfigured
Inodusstrong TLS + HSTS
CMS / plugins
Comumoutdated, broad attack surface
Inodusminimal, up-to-date stack
Data exposure
Comumhigh
Inodusreduced, LGPD-by-design
Incident response
Comumnonexistent
Inodusplan + Art. 48 compliance
[ The numbers ]

Ignoring the basics has a price.

Verified data from public studies. Weak security is the market norm - and the cost of an incident is not.

1 in 3sites with no protection

Have no security headers at all; only ~19–27% implement CSP, the main defense against XSS.

Fonte: HTTP Archive / AppSecSanta
54%agencies graded D or F

In our audit of the 50 agencies Google shows first, 54% scored a D or F in security - the problem starts with the people who build websites.

Fonte: Scan of 50 agency websites (Dev.to) - illustrative sample
5huntil the 1st exploit

Median time between a disclosed flaw and the first attack. 96% of WP vulnerabilities come from third-party plugins and themes.

Fonte: Patchstack / Sucuri
R$7.19Mcost of a breach

Average cost of a data breach in Brazil in 2025.

Fonte: IBM, 2025
[ Frequently asked questions ]
What are security headers?+

Instructions the server sends to the browser to block common attacks - clickjacking, XSS and connection downgrades. Most websites send none.

How do I test my website's security?+

In seconds, with a headers scanner - and most sites fail. The free audit does it for you.

I'm small - am I a target?+

Attacks are automated. A disclosed flaw becomes an exploit within hours, regardless of company size.

Does your website pass the security test?

Run the free audit and see, in seconds, your security headers grade - the same test that fails 9 out of 10 websites.