ZeriFlow Journal
Actionable articles on TLS, headers, CSP, privacy, and practical hardening for modern web apps.
Categories
SecurityHeaders.com is a great tool for checking HTTP security headers, but it only tells part of the story. Discover what it misses and how to get a complete security picture.
Learn what a security.txt file is, why it matters for responsible disclosure, and how to create one for your website in under 10 minutes.
Qualys SSL Labs is the gold standard for TLS testing, but it only covers one dimension of website security. Learn what it misses and how to get the full picture.
A complete guide to HTTP Strict Transport Security (HSTS). Learn what it does, how to enable it, and avoid the common pitfalls that break your site.
15 essential WordPress security hardening steps. From basic settings to advanced configuration, protect your WordPress site from the most common attacks.
Running a web agency? Learn how to integrate security into every project, offer security audits as a service, and protect your clients from costly breaches.
Step-by-step guide to adding the 6 most important HTTP security headers. Works for Nginx, Apache, Cloudflare, Vercel, and Next.js.
The OWASP Top 10 security risks explained in plain language. No jargon, real examples, and practical fixes for each vulnerability.
Learn how the Permissions-Policy HTTP header works, which browser features to restrict, and how to configure it on Nginx, Apache, Cloudflare, and Next.js.