Report URI: Content Security Policy, powerful monitoring and protection

With Content Security Policy, and reporting provided by Report URI, you can take full control of resources that are permitted to load on your site. Taking control of where JavaScript can be loaded and executed from is a powerful mitigation for one of the most common forms of attacks seen against web applications, Cross-Site Scripting (XSS).

KEY FEATURES
Whilst the main attraction of CSP is mitigating Cross-Site Scripting attacks, it has a lot more to offer. Here are just a few of the things that you can do with CSP:

  • Detect mixed-content
  • Control where forms can post data
  • Restrict loading of any content type
  • Automatically fix mixed-content
  • Control nested browsing contexts
  • Defend against click-jacking

How HTTP/2 Works, Performance, Pros & Cons and More

HTTP/2, or H2 for short, is a major revision of the Hypertext Transfer Protocol that improves the performance of the web. It uses a binary protocol and multiplexing.

In this video I want to go through how HTTP/2 works, its pros and cons, and show the performance difference between HTTP/1.1 and HTTP/2.

HTTP/1

A request has to wait for a response.

And if you used up your connection response you can send anything else.

What is Redis Object Caching and How to Use It for Your WordPress Site

Redis and object caching can vastly speed up your WordPress page load times with each subsequent visit. It’s also used by many popular websites like GitHub, Pinterest, StackOverflow and many others.

Remote Dictionary Server (Redis) “is an open source, in-memory data structure store used as a database, cache, and message broker.” It’s a key-value store which is often called a NoSQL database.

It’s best used on dynamic websites such as WordPress sites when it comes to object caching, which caches repeating query results.

Today, I’ll share more detail on object caching, its benefits, and how to install and use Redis for object caching on WordPress websites.

More: kinsta.com

Plugin: redis-cache

GitHub WordPress Plugin:

Hosting multiple SSL-enabled sites with Docker and Nginx

In one of our most popular tutorials—Host multiple websites on one VPS with Docker and Nginx—I covered how you can use the nginx-proxy Docker container to host multiple websites or web apps on a single VPS using different containers.

As I was looking to enable HTTPS on some of my self-hosted services recently, I thought it was about time to take that tutorial a step further and show you how to set it up to request Let’s Encrypt HTTPS certificates.

With the help of docker-letsencrypt-nginx-proxy-companion (GitHub), we’ll be able to have SSL automatically enabled on any new website or app we deploy with Docker containers.

Prerequisites

  • Any of our OS options—Ubuntu, Debian, or CentOS. Just a note: we’ve only tested Ubuntu 16.04 as of now.
  • A running Docker installation, plus docker-compose—see our Getting Started with Docker guide for more information.