News, Website

Website Updates – Security & Performance

No Comments

I’m making some changes to the hosting and configuration of this site, you can see the rough goals below:

  • Changing hosting provider from a legacy shared server to a cloud hosting provider with better security and high availability.
  • Adding stricter (and end-to-end) encryption to the entire site using a combination of CloudFlare and LetsEncrypt.
  • Changing the sites security / performance configuration to support and enforce:
    • Content-Security-Policy
    • X-Frame-Options
    • X-XSS-Protection
    • X-Content-Type-Options
    • Strict-Transport-Security
    • HTTP Strict Transport Security (HSTS)
    • Authenticated Origin Pulls
    • HTTP/2 + SPDY
    • IPv6 Compatibility
    • Scrape Shield

Using various tools this should actually be quite straightforward. I plan to detail the main stages / steps in some later posts.

Continue Reading

News, Resources

Transparency Report on HTTPS – Google

No Comments

Google has added some new sections to their Transparency Reporting site. The most interesting is the new ‘HTTPS on top sites‘ page which shows some interesting details for a list of sites which make up around 25% of all website traffic world wide.

Some heavy hitters in the list which aren’t even trying to serve website content over HTTPS:

2016-03-16 08_22_38-Transparency Report – Google

Some of the ‘good’ sites which have best practice configuration:

2016-03-16 08_23_02-Transparency Report – Google

Source: Transparency Report – Google

Continue Reading
1 5 6 7 8 9 13