Headers: Content-Security-Policy, Strict-Transport-Security, Referrer-Policy.Gizli Anahtarlar: FIREBASE_SERVICE_ACCOUNT_KEY server runtime only.CSP tips: script-src 'self' 'strict-dynamic' + nonce.Monitoring: Security logs and alerts.