Security

Security posture and disclosure policy

A practice that advises on cybersecurity should hold its own site to the same standard. Every control below is stated plainly and can be verified independently — you do not have to take our word for it.


Verifiable Posture

How this site is secured

Each item below is a control actually in place, paired with a way to confirm it yourself using independent, third-party tools.

Transport

HTTPS enforced

All traffic is served over TLS. Plain-HTTP requests are redirected to HTTPS. The certificate is issued by Let's Encrypt and renews automatically.

DNS

DNSSEC enabled

Domain Name System Security Extensions cryptographically sign our DNS records, preventing spoofing and cache-poisoning of sanctir.com resolution.

Application

Content Security Policy

A restrictive CSP is set on every page, constraining what may load and execute. Framing is denied; object and base-URI sources are locked down.

Privacy

No third-party trackers

This site loads no analytics, advertising, or behavioral-tracking scripts. Fonts and stylesheets are self-hosted from the same origin. You can confirm this in your browser's network inspector.

Open browser dev tools › Network
Email

SPF, DKIM & DMARC

Mail from sanctir.com is authenticated with SPF, DKIM signing, and a DMARC policy, reducing the risk of spoofed correspondence in our name.


Coordinated Disclosure

Reporting a vulnerability

If you have identified a security vulnerability affecting sanctir.com, we welcome your report and will treat it seriously. Please send details — including steps to reproduce and any relevant technical context — to the security contact below.

We will acknowledge receipt and respond as promptly as circumstances allow. In the course of your research, we ask that you act in good faith: avoid privacy violations, service disruption, and any destruction or exfiltration of data.

A machine-readable policy is published at /.well-known/security.txt in accordance with RFC 9116.

Security Contact

Policy File

Scope

  • sanctir.com and subdomains
  • Email authentication for sanctir.com

Return to Sanctir