Security

Cyber-resilient website design

No public website can be guaranteed immune from cyber attack. This site is designed to reduce risk through simplicity, privacy minimisation and hardened browser controls.

Included protections

• Static files only in the starter version.
• No database, no login, no server-side sessions.
• Strict Content Security Policy in the Cloudflare Pages _headers file.
• HTTPS and HSTS-ready configuration.
• No external scripts or fonts.
• Minimal local JavaScript.

Recommended operations

Keep dependencies minimal, review all future third-party embeds, enable Cloudflare security features, monitor changes, and test forms or APIs before adding them.