https://post.ch

How SSL/TLS certificates work, how the handshake unfolds and what to watch for when checking — explained in plain English.

HSTS (Strict-Transport-Security) forces browsers permanently to HTTPS. Learn how the header is built, what includeSubDomains and p…

CAA records define which certificate authorities are allowed to issue SSL certificates for your domain. Protection against mis-iss…

DNSSEC protects DNS answers cryptographically against tampering and cache poisoning. Structure, key hierarchy (KSK/ZSK) and how to…

DMARC protects your domain from e-mail spoofing. Learn how the record is structured, what p=none/quarantine/reject mean and how to…

SPF (Sender Policy Framework) prevents foreign servers from sending e-mails under your domain name. Structure, mechanisms and best…

DKIM signs your outgoing e-mails cryptographically — the recipient can reliably verify a mail came from you. Structure, selectors …

The Content-Security-Policy is the most important browser-side defence against XSS. Learn how a CSP is structured and how to roll …

X-Frame-Options prevents clickjacking by controlling whether your site can be embedded in an iframe. Values DENY, SAMEORIGIN and t…

The Referrer-Policy controls which information is sent when users click external links. Values, privacy implications and safe defa…

The Permissions-Policy selectively disables browser features like geolocation, microphone, camera and FLoC. Structure, all directi…

X-Content-Type-Options: nosniff prevents browsers from guessing the MIME type of files. Protection against cross-site-scripting an…

SRI protects external JavaScript and CSS files against tampering on the CDN. Hash-based integrity verification in the browser — ex…

Cross-Origin Resource Sharing controls which foreign sites may call your APIs. Same-Origin policy, preflight requests and the key …

Secure, HttpOnly and SameSite — the three most important cookie flags and what they do. How to harden sessions against XSS, MITM a…