Guides
Step-by-step hardening guides: exact config for your platform, honest caveats, and a free tool to verify every change actually shipped.
Fix SPF and DMARC for the Gmail and Yahoo Sender Requirements
The exact DNS records to publish, in the right order — and the alignment rule that trips most senders. Verify with the SPF & DMARC checker.
How to Enable HSTS on Nginx, Apache and Cloudflare
The one-line header per platform, a safe max-age ramp-up, and why preload shouldn't be your first move. Verify with the headers checker.
Content Security Policy Report-Only Rollout
Deploy CSP in report-only mode, triage the violation reports, then enforce — a staged plan that never breaks production.
How these guides work
Every guide follows the same contract: a "do this now" config block up top for people who just need the line, then the reasoning, the platform-specific traps, and a staged rollout path for changes that can break things. Each one pairs with a free tool on this site, so you're never trusting that a config change worked — you're checking it against what your server actually serves.
weekly kev brief
Patch what's actually being exploited.
One email a week: the vulnerabilities under active attack, prioritized — no noise.
Free. No spam. Unsubscribe anytime. Delivered by Beehiiv.