Access control, abuse resistance, TLS, and the headers that matter — without cargo cult security..