1. We have set 4 additional security headers to harden the boundaries.
a. The HSTS header is now in place and we have submitted our domain to the HSTS preload list.
b. Content-Security-Policy can now prevent external resources from loading if attackers were to successfully breach the boundaries. Additionally, we have instructed your browser not to send referrer information, which prevents it from sending a Referer header and hides your tracks (this header only works in a modern browser).
c. X-XSS-Protection is now set to block mode to prevent possible XSS attacks.
d. X-Content-Type-Options helps to reduce the danger of drive-by downloads.
2. We are now on CloudFlare! Please rest assured that our backend servers still use a valid certificate to communicate with CloudFlare, and we have set the SSL mode to “Strict” to prevent Man-in-the-Middle attacks between our backend servers and CloudFlare.
3. We also implemented a Content Security Policy reporting mechanism, so clients will report violations of the security policy to our log service provider.
4. A few CSS issues have been fixed, including text overflow.
5. We have added DNSSEC to the domain 92url.com for better security (DNSSEC only works if your local DNS supports DNSSEC).
If you have any questions, please do contact us via admin#92url.com
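
One way to verify the headers from items 1 and 3 on a response, as an added example that is not part of the original announcement or the site's own code. The sample header values and the report endpoint are constructed, and the one-year `max-age` minimum is the HSTS preload list's submission requirement.

```python
import re

HSTS_PRELOAD_MIN_AGE = 31536000  # one year, the minimum the preload list accepts

def audit_headers(headers):
    """Return findings for the four hardening headers and CSP reporting."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    hsts = h.get("strict-transport-security", "")
    directives = [d.strip().lower() for d in hsts.split(";") if d.strip()]
    age = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
    if not hsts:
        findings.append("HSTS: header missing")
    else:
        if not age or int(age.group(1)) < HSTS_PRELOAD_MIN_AGE:
            findings.append("HSTS: max-age below one year")
        for needed in ("includesubdomains", "preload"):
            if needed not in directives:
                findings.append(f"HSTS: {needed} directive missing")

    csp = h.get("content-security-policy", "")
    names = {d.split()[0].lower() for d in csp.split(";") if d.strip()}
    if not csp:
        findings.append("CSP: header missing")
    elif not names & {"report-uri", "report-to"}:
        findings.append("CSP: no report directive, violations are not reported")

    xxp = [p.strip().lower() for p in h.get("x-xss-protection", "").split(";")]
    if xxp[0] != "1" or "mode=block" not in xxp:
        findings.append("X-XSS-Protection: not in block mode")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: not nosniff")
    return findings

# Constructed sample responses (not captured from any real site).
GOOD = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; report-uri https://logs.example/csp",
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
}
WEAK = {
    "Strict-Transport-Security": "max-age=86400",
    "Content-Security-Policy": "default-src 'self'",
    "X-XSS-Protection": "1",
}

if __name__ == "__main__":
    print("\n".join(audit_headers(WEAK)) or "all checks passed")
```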