Website | Harry McLaren

As I have just rebuilt the site, I wanted to up some of the security controls in place, after an evening of messing around, we’re now getting great scores of some of the online testers:

Some great results, a few final things to tidy up, but overall I’m really happy with the new controls and monitoring in place.

Website Updates – Security & Performance

I’m making some changes to the hosting and configuration of this site, you can see the rough goals below:

Changing hosting provider from a legacy shared server to a cloud hosting provider with better security and high availability.
Adding stricter (and end-to-end) encryption to the entire site using a combination of CloudFlare and LetsEncrypt.
Changing the sites security / performance configuration to support and enforce:
- Content-Security-Policy
- X-Frame-Options
- X-XSS-Protection
- X-Content-Type-Options
- Strict-Transport-Security
- HTTP Strict Transport Security (HSTS)
- Authenticated Origin Pulls
- HTTP/2 + SPDY
- IPv6 Compatibility
- Scrape Shield

Using various tools this should actually be quite straightforward. I plan to detail the main stages / steps in some later posts.

Website Security

Website Updates – Security & Performance