Security Center
Web security alerts, guides and analysis by Sofistic's cybersecurity team.
Why HTTPS Is Not Enough: The Headers Your Website Needs
Having HTTPS does not protect your site against XSS, clickjacking, or data leaks. Learn about the 6 essential HTTP security headers you should configure today and how to verify them automatically with UareSafe.
SPF, DKIM and DMARC: the triad that protects your corporate email
91% of cyberattacks start with a phishing email. SPF, DKIM and DMARC are the three DNS protocols that prevent attackers from impersonating your domain. Learn how to configure them correctly and why UareSafe evaluates them in every certification.
TLS 1.2 stands alone: what it means for your website
TLS 1.0 and 1.1 were formally deprecated in 2021. TLS 1.3 is now the gold standard. TLS 1.2 remains secure when properly configured, but its window of relevance is closing steadily.
Subdomain takeover: the forgotten vulnerability
A DNS record pointing to a decommissioned service is all an attacker needs to take control of your subdomain. Learn how subdomain takeover works, why it is critical, and how to detect it before it is too late.
What is CSP and why 90% of websites get it wrong
Content-Security-Policy is the most powerful HTTP security header against XSS, yet over 90% of websites either lack it entirely or have it misconfigured. Learn which directives matter, the 5 most common mistakes, and how to build a solid CSP from scratch.
Verify your site for free