Security is always a key part of the design choices we make, and we are pleased to roll out this week a series of improvements to your website's security. This has been made possible by browsers improving their capabilities and by some older browsers falling out of use.

IE 11 is still our minimum supported browser, and we have now removed TLS 1.1, leaving only TLS 1.2 and 1.3. We have also removed every cipher suite that does not offer Perfect Forward Secrecy (PFS). With PFS each session is protected by a fresh ephemeral key, so even if your site's private key were compromised later, an attacker who had captured earlier traffic from your site still could not decrypt it.

We have implemented OCSP stapling: our server periodically fetches your certificate's revocation status from the certificate authority's OCSP responder and includes that signed response in the TLS handshake, so the browser does not have to contact the CA itself. This speeds up the first browser connection to your site, improves security (browsers that would otherwise silently skip an unreachable revocation check now receive a fresh, CA-signed status with the handshake) and eliminates one possible cause of website failure if the third-party OCSP service is offline, since our server can keep serving its last valid response until it expires. We were hit by an OCSP outage several years ago, which blocked access to systems for several hours, so it's nice not to depend on a third-party service that we aren't paying to deliver us an uptime SLA.
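The two changes above (no protocol below TLS 1.2, no cipher suite without forward secrecy) are easy to get subtly wrong, so here is an added example of how to audit them. This is illustrative code written for this post, not our platform's configuration or tooling: the cipher string, the scanner output and the hostname in the comment are all constructed for the example.

```python
"""Audit a TLS configuration for two properties: no protocol below TLS 1.2,
and no cipher suite without forward secrecy (ephemeral key exchange)."""
import ssl

# Suites limited to ephemeral (ECDHE/DHE) key exchange with AEAD ciphers.
# This string is this example's choice, not the provider's actual list.
PFS_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:!aNULL:!eNULL:!MD5"

# Protocol versions that must not be offered.
OBSOLETE_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}

# Constructed scanner output (protocol, suite); not a scan of any real site.
SAMPLE_SCAN = """\
TLSv1.1  ECDHE-RSA-AES128-SHA
TLSv1.2  AES256-GCM-SHA384
TLSv1.2  ECDHE-RSA-AES256-GCM-SHA384
TLSv1.2  DHE-RSA-AES128-GCM-SHA256
TLSv1.3  TLS_AES_256_GCM_SHA384
"""


def forward_secret(suite):
    """True if the suite (OpenSSL or IANA name) uses an ephemeral key exchange.

    Ephemeral ECDHE/DHE means a later compromise of the server's long-term key
    cannot decrypt recorded sessions. Static RSA or DH key exchange, and the
    anonymous ADH/AECDH suites, are rejected.
    """
    s = suite.strip().upper()
    if s.startswith(("TLS_AES_", "TLS_CHACHA20_")):      # TLS 1.3 suites: always PFS
        return True
    if s.startswith("TLS_"):                              # IANA form, e.g. TLS_ECDHE_RSA_WITH_...
        return s.startswith(("TLS_ECDHE_", "TLS_DHE_"))
    return s.startswith(("ECDHE-", "DHE-"))               # OpenSSL form, e.g. ECDHE-RSA-...


def audit_scan(scan_text):
    """Parse 'PROTOCOL  SUITE' lines and report what a hardened config must not offer."""
    obsolete, non_pfs = [], []
    for line in scan_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        proto, suite = parts
        if proto in OBSOLETE_PROTOCOLS and proto not in obsolete:
            obsolete.append(proto)
        if not forward_secret(suite):
            non_pfs.append(suite)
    return {"obsolete_protocols": obsolete, "non_pfs": non_pfs}


def hardened_server_context(certfile=None, keyfile=None):
    """Server-side SSLContext that offers only TLS 1.2/1.3 and PFS suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuses TLS 1.0 and 1.1 handshakes
    ctx.set_ciphers(PFS_CIPHERS)                    # TLS 1.2 list; the 1.3 suites are separate and all PFS
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)      # hypothetical paths supplied by the caller
    return ctx


def enabled_without_pfs(ctx):
    """Names of suites the context would actually negotiate that lack an ephemeral exchange.

    Uses OpenSSL's own classification (the 'kea' field) rather than name matching,
    so it catches anything the cipher string let through by accident.
    """
    ephemeral = {"kx-ecdhe", "kx-dhe", "kx-any"}   # kx-any is how OpenSSL labels TLS 1.3 suites
    return [c["name"] for c in ctx.get_ciphers() if c["kea"] not in ephemeral]


if __name__ == "__main__":
    print(audit_scan(SAMPLE_SCAN))
    ctx = hardened_server_context()
    print("minimum:", ctx.minimum_version.name, "non-PFS enabled:", enabled_without_pfs(ctx))
    # OCSP stapling is a handshake property, not a cipher setting; check it by hand with
    #   openssl s_client -connect example.com:443 -status </dev/null
    # and look for "OCSP Response Status: successful" in the output.
```

`audit_scan` works on scanner output by name, which is what you have when testing a site from outside; `enabled_without_pfs` asks OpenSSL what a context will really negotiate, which is the check to run on the server side after editing a cipher string, because a typo in that string fails open rather than closed.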

In addition, we now send security headers such as X-Frame-Options, which stops other sites from embedding your pages in a frame, the basis of clickjacking attacks. You can check out what we've done here.
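To show what the anti-framing header does and how it interacts with its modern replacement, here is an added example: a small WSGI middleware that injects the headers, and a check that tells you whether a given response could still be framed by another origin. This is example code written for this post, not our platform's implementation; the header set and the `partner.example` origin are choices made for the illustration.

```python
"""Inject anti-clickjacking (and related) headers into WSGI responses, and audit a response."""
from wsgiref.util import setup_testing_defaults

# Headers the middleware enforces. The values are this example's choices.
# Content-Security-Policy frame-ancestors is the modern control; browsers that
# understand it ignore X-Frame-Options, which is kept for older browsers.
SECURITY_HEADERS = [
    ("X-Frame-Options", "DENY"),
    ("Content-Security-Policy", "frame-ancestors 'none'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]


def add_security_headers(app):
    """WSGI middleware: drop any existing copies of the managed headers, then append ours."""
    managed = {name.lower() for name, _ in SECURITY_HEADERS}

    def wrapped(environ, start_response):
        def sr(status, headers, exc_info=None):
            kept = [(k, v) for k, v in headers if k.lower() not in managed]
            return start_response(status, kept + SECURITY_HEADERS, exc_info)
        return app(environ, sr)
    return wrapped


def framing_allowed(headers):
    """True if a page with these headers could be embedded in a frame by another origin.

    frame-ancestors takes precedence over X-Frame-Options where both are present,
    so it is evaluated first; only 'none' and 'self' count as blocking third parties.
    """
    h = {k.lower(): v for k, v in headers}
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            allowed = {s.lower() for s in parts[1:]}
            return bool(allowed - {"'none'", "'self'"})
    xfo = h.get("x-frame-options", "").strip().upper()
    return xfo not in ("DENY", "SAMEORIGIN")


def call(app, path="/"):
    """Drive a WSGI app in-process (no network) and return (status, headers, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


def plain_app(environ, start_response):
    """Constructed application whose only framing control is a deprecated value modern browsers ignore."""
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("X-Frame-Options", "ALLOW-FROM https://old.example")])
    return [b"<html>hello</html>"]


if __name__ == "__main__":
    for label, app in (("plain", plain_app), ("hardened", add_security_headers(plain_app))):
        status, headers, _ = call(app)
        print(label, status, "framing allowed:", framing_allowed(headers))
```

The audit function is the part worth keeping around: run it over the headers of a few real responses (login page, a page served from a CDN, an error page) because headers added at the application layer are often missing from responses generated by the web server or proxy in front of it.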

Check your site's encryption level with this neat tool. We have always met the credit card industry's PCI DSS standard, and now we also meet the stricter NIST and HIPAA profiles with regard to cipher algorithms, headers and other public-facing security settings.

Naturally, this is only one part of the security puzzle. Ensuring that your users choose good passwords they don't reuse elsewhere, enable 2FA and follow good practices so that their own machines aren't compromised is just as critical.