Website Updates – Security & Performance

I’m making some changes to the hosting and configuration of this site. The rough goals are below:

  • Changing hosting provider from a legacy shared server to a cloud hosting provider with better security and high availability.
  • Adding stricter (and end-to-end) encryption to the entire site using a combination of CloudFlare and Let’s Encrypt.
  • Changing the site’s security / performance configuration to support and enforce:
    • Content-Security-Policy
    • X-Frame-Options
    • X-XSS-Protection
    • X-Content-Type-Options
    • Strict-Transport-Security (HTTP Strict Transport Security, HSTS)
    • Authenticated Origin Pulls
    • HTTP/2 + SPDY
    • IPv6 Compatibility
    • Scrape Shield

Using various tools, this should actually be quite straightforward. I plan to detail the main stages / steps in some later posts.


Transparency Report on HTTPS – Google

Google has added some new sections to its Transparency Report site. The most interesting is the new ‘HTTPS on top sites’ page, which shows details for a list of sites that make up around 25% of all website traffic worldwide.

Some heavy hitters in the list which aren’t even trying to serve website content over HTTPS:

[Screenshot: Transparency Report – Google]

Some of the ‘good’ sites which have a best-practice configuration:

[Screenshot: Transparency Report – Google]

Source: Transparency Report – Google
