diff --git a/.claude/review-state.json b/.claude/review-state.json
index b21a0b9..6c3daea 100644
--- a/.claude/review-state.json
+++ b/.claude/review-state.json
@@ -1,6 +1,6 @@
 {
- "last_run": "2026-05-26T00:55:00Z",
- "last_commit": "5083c52b64190381eadbb9f0c13b42e52c358a5a",
+ "last_run": "2026-05-26T03:13:00Z",
+ "last_commit": "81f8735d167b597ed7a7a88cc7f89ba0b440b07d",
 "filed": [
 {
 "issue": 8,
@@ -14,6 +14,19 @@
 "evidence_quality": 10
 },
 "timestamp": "2026-05-26T00:55:00Z"
+ },
+ {
+ "issue": 17,
+ "title": "[REVIEW] HSTS: max-age=0 (HSTS revocation) scores status 'good' due to bonus points from includeSubDomains and preload",
+ "finding": "checkHSTS awards includeSubDomains (+3) and preload (+2) bonus points regardless of max-age value; with max-age=0 (HSTS revocation) + includeSubDomains + preload the total is 15/20 and status 'good', contradicting the revocation semantics of max-age=0.",
+ "score": 6.9,
+ "score_breakdown": {
+ "user_impact": 5,
+ "security_severity": 7,
+ "implementation_effort": 9,
+ "evidence_quality": 9
+ },
+ "timestamp": "2026-05-26T03:13:00Z"
+ }
 ],
 "runner_ups": [
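Review bot: The issue 17 finding recorded in the new entry at the end of this hunk is narrower than the behaviour it describes: it covers only an explicit max-age=0, yet the clean_areas entry added in the later hunk of this file states that checkHSTS parses a missing max-age as 0, so a Strict-Transport-Security header with no max-age directive at all (required by RFC 6797 §6.1, so such a header is malformed) presumably reaches the same bonus-point path and would also score 'good' on includeSubDomains and preload alone. Consider widening the recorded finding so the eventual fix is tested against both inputs, e.g. appending `Same path applies when max-age is absent (parsed as 0), so a malformed header without max-age can also score 'good'.` to the finding string. The enclosing JSON object continues outside the hunk.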
@@ -52,6 +65,18 @@
 "score": 7.9,
 "reason_not_filed": "duplicate of open issue #5",
 "timestamp": "2026-05-26T00:55:00Z"
+ },
+ {
+ "finding": "4 tests in test/analyzer.test.ts fail on HEAD 81f8735: 3 checkPermissionsPolicy tests have stale score expectations (expect 10, code returns 5) and A+ grade boundary test fails because permissions-policy fixture only restricts camera=(), earning 5/10 instead of 10/10.",
+ "score": 8.4,
+ "reason_not_filed": "duplicate of open issue #15 filed by earlier run in same session",
+ "timestamp": "2026-05-26T03:13:00Z"
+ },
+ {
+ "finding": "Feature-Policy fallback in checkPermissionsPolicy applies Permissions-Policy substring syntax (camera=()) to Feature-Policy header values, which use different syntax (camera 'none'), making the fallback unable to distinguish restrictive from permissive Feature-Policy values.",
+ "score": 6.55,
+ "reason_not_filed": "closely related to and addressed within open issue #15",
+ "timestamp": "2026-05-26T03:13:00Z"
 }
 ],
 "clean_areas": [
@@ -59,6 +84,9 @@
 "tsconfig.json strict mode is enabled",
 "CI workflows (ci.yml, publish.yml, auto-tag.yml) are sound",
 "X-Content-Type-Options check (rules.ts:93-104) — values correctly validated",
- "X-Frame-Options check (rules.ts:73-91) — accepts DENY/SAMEORIGIN and CSP frame-ancestors fallback as expected"
+ "X-Frame-Options check (rules.ts:73-91) — accepts DENY/SAMEORIGIN and CSP frame-ancestors fallback as expected",
+ "checkHSTS max-age parsing — correctly extracts numeric value via regex, handles missing max-age as 0",
+ "analyzeHeaders score aggregation — header scores correctly sum to report total",
+ "CLI --timeout argument parsing — correctly threads FetchOptions to analyze()"
 ]
 }
diff --git a/package-lock.json b/package-lock.json
index 65db0c6..72d1b93 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -637,9 +637,6 @@
 "arm"
 ],
 "dev": true,
- "libc": [
- "glibc"
- ],
 "license": "MIT",
 "optional": true,
 "os": [
@@ -654,9 +651,6 @@
 "arm"
 ],
 "dev": true,
- "libc": [
- "musl"
- ],
 "license": "MIT",
 "optional": true,
 "os": [
@@ -671,9 +665,6 @@
 "arm64"
 ],
 "dev": true,
- "libc": [
- "glibc"
- ],
 "license": "MIT",
 "optional": true,
 "os": [
@@ -688,9 +679,6 @@
 "arm64"
 ],
 "dev": true,
- "libc": [
- "musl"
- ],
 "license": "MIT",
 "optional": true,
 "os": [
@@ -705,9 +693,6 @@
 "loong64"
 ],
 "dev": true,
- "libc": [
- "glibc"
- ],
 "license": "MIT",
 "optional": true,
 "os": [
@@ -722,9 +707,6 @@
 "loong64"
 ],
 "dev": true,
- "libc": [
- "musl"
- ],
 "license": "MIT",
 "optional": true,
 "os": [
@@ -739,9 +721,6 @@
 "ppc64"
 ],
 "dev": true,
- "libc": [
- "glibc"
- ],
 "license": "MIT",
 "optional": true,
 "os": [
@@ -756,9 +735,6 @@
 "ppc64"
 ],
 "dev": true,
- "libc": [
- "musl"
- ],
 "license": "MIT",
 "optional": true,
 "os": [
@@ -773,9 +749,6 @@
 "riscv64"
 ],
 "dev": true,
- "libc": [
- "glibc"
- ],
 "license": "MIT",
 "optional": true,
 "os": [
@@ -790,9 +763,6 @@
 "riscv64"
 ],
 "dev": true,
- "libc": [
- "musl"
- ],
 "license": "MIT",
 "optional": true,
 "os": [
@@ -807,9 +777,6 @@
 "s390x"
 ],
 "dev": true,
- "libc": [
- "glibc"
- ],
 "license": "MIT",
 "optional": true,
 "os": [
@@ -824,9 +791,6 @@
 "x64"
 ],
 "dev": true,
- "libc": [
- "glibc"
- ],
 "license": "MIT",
 "optional": true,
 "os": [
@@ -841,9 +805,6 @@
 "x64"
 ],
 "dev": true,
- "libc": [
- "musl"
- ],
 "license": "MIT",
 "optional": true,
 "os": [