CORS Misconfiguration: How to Check and Fix It
CORS misconfigurations are one of the most common web security flaws — and they can let any website steal your users’ data. Here’s how to find and fix them.
Security Guides
Permissions-Policy Header: What It Does and How to Set It
The Permissions-Policy header controls which browser features your site can access. Here’s the full list of directives, what they do, and how to configure them on Nginx, Apache, and Cloudflare.
We Scanned Hundreds of Websites. Most Are Failing Basic Security.
We analyzed 150+ security scans from GuardScan. Only 8% scored an A. The majority landed at C or D. Here’s what’s going wrong and how to fix it.
How to Check If Your Website Has SPF and DMARC Records (And Why Email Security Matters)
SPF and DMARC records stop attackers from sending emails as your domain. Here’s how to check yours in 10 seconds, and what to do if they’re missing.
How to Check Your SSL Certificate (And Why It Matters)
Your SSL certificate is the padlock in your browser’s address bar. Here’s how to check if it’s valid, when it expires, and what to do if it’s broken.