Website security checks

Security headers, TLS/SSL

Check server TLS protocol support

Check signature of Android APK

Adding CORS header for specific domains in Nginx

How to set CAA DNS record?

To hint SSL CA if they are authorized to issue a cert for this domain

Implement and Verify Certificate Pinning in Android

With Android Nougat Security Config and Retrofit

TLS SSL protocols and cipher suites

Provide the correct cipher suites with the correct protocols for smooth and secure HTTPS experience.

Protect email address displayed on your page

To prevent email harvesters from obtaining them easily

SPF validation for your mail server

Add SPF entry in your DNS records to authorize a mail server

Censoring data in rails log files

Log files should be free of sensitive information

Hiding server identity and signature for Nginx and Passenger

Usually you do not want to expose what server you are using and its version number.

Blocking malicious crawler in nginx

To stay safe and reduce unnecessary bandwidth usage

Using custom DH Param in Nginx

Avoid using nginx default dh param