Guides

Step-by-step hardening guides: exact config for your platform, honest caveats, and a free tool to verify every change actually shipped.

email auth

Fix SPF and DMARC for the Gmail and Yahoo Sender Requirements

The exact DNS records to publish, in the right order — and the alignment rule that trips most senders. Verify with the SPF & DMARC checker.

headers

How to Enable HSTS on Nginx, Apache and Cloudflare

The one-line header per platform, a safe max-age ramp-up, and why preload shouldn't be your first move. Verify with the headers checker.

headers

Content Security Policy Report-Only Rollout

Deploy CSP in report-only mode, triage the violation reports, then enforce — a staged plan that never breaks production.

How these guides work

Every guide follows the same contract: a "do this now" config block up top for people who just need the line, then the reasoning, the platform-specific traps, and a staged rollout path for changes that can break things. Each one pairs with a free tool on this site, so you're never trusting that a config change worked — you're checking it against what your server actually serves.