This is really for the people who are more technically focused.
Some things considered
- HTTP Headers
Browsers are so much more powerful, feature-rich and feature-compliant than just a few years ago. Some of the improvements have been around security. Considering that the browser is most people's main portal to everything on the web, that is a good thing. One area that has seen a lot of attention is HTTP headers. Initially, it may seem that adding an HTTP header would not have much impact. A user could use an older browser, or a hacker could make their own browser or bot that would ignore the header. It's important to recall that the headers are only one part of the system. There is a lot to say on this topic, but that will have to wait. Thanks to https://securityheaders.io/ for easing my header checking effort. For now, know that the site uses
- HTTP Strict Transport Security (HSTS) so that HTTP requests and assets will always connect to the HTTPS endpoint.
- Content Security Policy (CSP) to ensure that resources are pulled from trusted sources.
- Referrer-Policy to keep your browsing history just a little more private.
- X-Frame-Options to make sure that no one can sneak an iframe into the page.
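
A quick offline check of the four headers listed above, as an added example that is not the site's own code. The function name `audit_headers`, the 180-day HSTS threshold and both sample responses are assumptions made for illustration.

```python
import re

MIN_HSTS_AGE = 15552000  # assumed threshold for this example: 180 days, in seconds
WEAK_REFERRER = {"unsafe-url", "no-referrer-when-downgrade"}  # full URL goes cross-origin

def audit_headers(headers):
    """Return {header-name: problem}; an empty dict means all four checks passed."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    problems = {}
    hsts = h.get("strict-transport-security")
    age = re.search(r"max-age\s*=\s*\"?(\d+)", hsts or "", re.I)
    if hsts is None:
        problems["strict-transport-security"] = "missing"
    elif age is None or int(age.group(1)) < MIN_HSTS_AGE:
        problems["strict-transport-security"] = "max-age absent or too short"
    csp = h.get("content-security-policy")
    if csp is None:
        problems["content-security-policy"] = "missing"
    else:
        directives = {}
        for part in csp.split(";"):
            tokens = part.split()
            if tokens:  # keep the first occurrence of each directive
                directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
        script = directives.get("script-src", directives.get("default-src"))
        if script is None:
            problems["content-security-policy"] = "no script-src or default-src"
        elif "*" in script or "'unsafe-inline'" in script:
            problems["content-security-policy"] = "script sources allow * or 'unsafe-inline'"
    ref = h.get("referrer-policy")
    # A comma-separated value is a fallback chain; this example checks its last entry.
    if ref is None:
        problems["referrer-policy"] = "missing"
    elif ref.split(",")[-1].strip().lower() in WEAK_REFERRER:
        problems["referrer-policy"] = "full URL sent cross-origin"
    xfo = h.get("x-frame-options")
    if xfo is None:
        problems["x-frame-options"] = "missing"
    elif xfo.upper() not in {"DENY", "SAMEORIGIN"}:
        problems["x-frame-options"] = "value must be DENY or SAMEORIGIN"
    return problems

# Constructed sample responses (not captured from any real site).
GOOD = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "Content-Security-Policy": "default-src 'self'; img-src 'self' data:",
        "Referrer-Policy": "strict-origin-when-cross-origin", "X-Frame-Options": "DENY"}
WEAK = {"strict-transport-security": "max-age=300",
        "Content-Security-Policy": "script-src * 'unsafe-inline'",
        "Referrer-Policy": "unsafe-url",
        "X-Frame-Option": "DENY"}  # misspelled name, so the real header counts as missing
```

`audit_headers(GOOD)` returns an empty dict, while `audit_headers(WEAK)` reports a problem for each of the four headers.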