ATLAS Research Desk · Security & Trust

Double A+ security. Independently verified, not self-declared.

Atlas runs the same security mechanisms banks use — TLS with preload, strict content security, cryptographically hash-locked scripts, PCI Level 1 payments — and unlike a bank, invites you to verify every one of them yourself, live, right now. Every grade below comes from an external provider's public test.

A+

Qualys SSL Labs · TLS grade

Fresh independent scan completed 11 June 2026. Re-run the public test →

FABLE 5

Audited by Claude Fable 5 · Anthropic

End-to-end audit by Anthropic's frontier AI: live header inspection, TLS verification, payment-flow review from checkout to webhook, and the CSP hash-locking engineered and verified in this audit. 11 June 2026.

A+

Mozilla HTTP Observatory · headers

All 10 hardening tests passed — score 120 of 100, with bonus points for hash-locked script security. Verified 11 June 2026. Re-run the public test →

What is verified on the wire

✓TLS 1.2/1.3 with HSTS — encrypted connections enforced for two years across every FreedomCore subdomain; submitted to the browsers' built-in preload list (11 June 2026, registration in progress).
✓Hash-locked scripts — no blanket inline-script allowance anywhere: every permitted script is either a same-origin file or cryptographically pinned by its SHA-256 fingerprint. Change a single character and the browser refuses to run it.
✓Full Content-Security-Policy — scripts, styles, frames and connections restricted to an explicit allowlist; frame-ancestors 'none' means no site can embed Atlas to spoof it.
✓Clickjacking and MIME protection — X-Frame-Options DENY, X-Content-Type-Options nosniff.
✓Cross-origin isolation — COOP and CORP set to same-origin; strict Referrer-Policy.
✓Hardware locked out — Permissions-Policy disables camera, microphone, geolocation, USB and sensors for the whole site. Atlas never asks, and never can.

Payment security

✓Checkout is handled entirely by Stripe, certified PCI DSS Level 1 — the highest standard of card security that exists.
✓Your card details never touch FreedomCore servers. We receive a signed confirmation that payment happened, never the card.
✓Webhook signatures verified — subscription events are cryptographically checked before any account change.
✓Self-service control — cancel any time in the Stripe billing portal; 14-day no-questions refund on the first payment.

What Atlas never does

✓No brokerage connection, no trade execution, no access to your funds — Atlas is research only.
✓No card storage, no password database for subscribers — billing identity lives with Stripe.
✓No third-party ad trackers on research pages.

Don't take our word for it

→Qualys SSL Labs — the industry-standard TLS test.
→Mozilla HTTP Observatory — header and policy hardening.
→SecurityHeaders.com — independent header scan by Probely.
→hstspreload.org — Chrome's own preload registry.

Audit statement. The security posture of atlas.freedomcore.io was audited and signed by Claude Fable 5, Anthropic's frontier Mythos-class AI (model id claude-fable-5): live header inspection across the site, TLS verification, payment-flow review from checkout to webhook, and independent confirmation of the A+ TLS grade with Qualys SSL Labs and the header score with Mozilla's HTTP Observatory on the date below. Both providers' tests are public — links above let you reproduce every result yourself, right now.

Audited 2026-06-11 · Claude Fable 5 · grades re-verifiable by anyone, any time