Updating DNSSEC Keys and HTTP Security Headers
Root Key Signing Key Rollover Support
ICANN has been sending out emails to Network Operators pushing them to update their nameservers to support the Root Zone KSK Rollover.
We found that one of our DNSSEC enforcing resolves was not up to date so that situation has been resolved.
More information about the KSK Rollover can be found at ICANN’s website.
HTTP Security Headers
We’ve recently moved this website from services01 to services04 and took the opportunity to tweak the nginx config.
We now specify a Content Security Policy to define where website resources can be loaded from and have set a Feature-Policy to prevent this website (or any downstream resources) from requesting your location or access to your camera / microphone.
You can check out the other security settings here.