04 May 2020
observatory
i've been learning a tiny bit about web security at mozilla's Web Security pages, and used their Mozilla Observatory to analyze this site and make it a bit safer. it was just a matter of adding a handful of headers to the webserver configuration, to wit:
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
    Header always set X-Frame-Options DENY
    Header always set X-Content-Type-Options nosniff
    Header set X-XSS-Protection "1; mode=block"
    Header always set Content-Security-Policy \
        "default-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'"
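
An offline check of the directives in this post, as an added example (not the author's code and not Mozilla Observatory's): it parses Apache `Header` lines, including the backslash continuation, and applies a few Observatory-style checks. The function names, the six-month HSTS minimum and the choice of checks are assumptions made for illustration.

```python
import re
import shlex

# Constructed sample: the directives from the post, one per line.
SAMPLE_CONF = r'''
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
Header set X-XSS-Protection "1; mode=block"
Header always set Content-Security-Policy \
    "default-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'"
'''
MIN_HSTS_AGE = 15768000  # assumption: six months in seconds as the minimum

def parse_header_directives(conf):
    """Return {lowercased header name: (uses_always, value)} for 'Header set' lines."""
    found = {}
    for line in re.sub(r"\\\r?\n", " ", conf).splitlines():  # join continuations
        t = shlex.split(line, comments=True)
        if len(t) >= 4 and t[0].lower() == "header":
            rest = t[2:] if t[1].lower() in ("always", "onsuccess") else t[1:]
            if len(rest) >= 3 and rest[0].lower() == "set":
                found[rest[1].lower()] = (t[1].lower() == "always", rest[2])
    return found

def parse_csp(value):
    """Split a CSP value into {directive: [sources]}; the first duplicate wins."""
    policy = {}
    for words in filter(None, (p.split() for p in value.split(";"))):
        policy.setdefault(words[0].lower(), words[1:])
    return policy

def audit(headers):
    """Return a list of findings; an empty list means every check passed."""
    value = lambda name: headers.get(name, (False, ""))[1]
    # Without 'always', Apache skips the header on locally generated non-2xx responses.
    findings = [f"{n}: set without 'always'" for n, (a, _) in headers.items() if not a]
    age = re.search(r"max-age=(\d+)", value("strict-transport-security"), re.I)
    if not age or int(age.group(1)) < MIN_HSTS_AGE:
        findings.append("strict-transport-security: max-age missing or too short")
    if value("x-content-type-options").lower() != "nosniff":
        findings.append("x-content-type-options: not nosniff")
    if value("x-frame-options").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("x-frame-options: missing or not DENY/SAMEORIGIN")
    csp = parse_csp(value("content-security-policy"))
    scripts = csp.get("script-src", csp.get("default-src"))
    if scripts is None or {"'unsafe-inline'", "'unsafe-eval'", "*"} & set(scripts):
        findings.append("content-security-policy: script sources missing or too permissive")
    return findings
```

Running `audit(parse_header_directives(SAMPLE_CONF))` reports a single finding: the `X-XSS-Protection` line is the only one set without `always`.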