Security posture and disclosure policy
A practice that advises on cybersecurity should hold its own site to the same standard. Every control below is stated plainly and can be verified independently — you do not have to take our word for it.
How this site is secured
Each item below is a control actually in place, paired with a way to confirm it yourself using independent, third-party tools.
HTTPS enforced
All traffic is served over TLS. Plain-HTTP requests are redirected to HTTPS. The certificate is issued by Let's Encrypt and renews automatically.
DNSSEC enabled
Domain Name System Security Extensions cryptographically sign our DNS records, preventing spoofing and cache-poisoning of sanctir.com resolution.
Content Security Policy
A restrictive CSP is set on every page, constraining what may load and execute. Framing is denied; object and base-URI sources are locked down.
No third-party trackers
This site loads no analytics, advertising, or behavioral-tracking scripts. Fonts and stylesheets are self-hosted from the same origin. You can confirm this in your browser's network inspector.
SPF, DKIM & DMARC
Mail from sanctir.com is authenticated with SPF, DKIM signing, and a DMARC policy, reducing the risk of spoofed correspondence in our name.
Reporting a vulnerability
If you have identified a security vulnerability affecting sanctir.com, we welcome your report and will treat it seriously. Please send details — including steps to reproduce and any relevant technical context — to the security contact below.
We will acknowledge receipt and respond as promptly as circumstances allow. In the course of your research, we ask that you act in good faith: avoid privacy violations, service disruption, and any destruction or exfiltration of data.
A machine-readable policy is published at /.well-known/security.txt in accordance with RFC 9116.
Security Contact
Policy File
Scope
- sanctir.com and subdomains
- Email authentication for sanctir.com