You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
CSP hardening — https: wildcard removed from script-src and connect-src in public/_headers. Both directives are now pinned to 'self'. The site serves no third-party scripts at runtime, so this is a no-op for legitimate traffic and narrows the XSS / data-exfiltration attack surface.
Accessibility
aria-keyshortcuts + dialog-popup semantics on search triggers: header search button and 404-page .search-cta now expose aria-keyshortcuts="Control+K Meta+K", aria-haspopup="dialog", and aria-controls="search-dialog", with their visual <kbd>⌘</kbd><kbd>K</kbd> wrappers hidden from AT via aria-hidden="true". The search modal's Close button also gains aria-keyshortcuts="Escape". 404 CTA additionally gets an explicit aria-label="Search".
Focus-visible outline on landing-page compare cards — closes the last landing-page interactive surface that lacked a keyboard outline, matching the focus pattern used across the rest of the site.
