Tips for quality website design

anon77371365 · August 22, 2020, 12:54pm

It woRks. Even I did a video on it.https://youtu.be/jzSwu_Ft6OI

anon2380157 · August 23, 2020, 6:55am

But i can’t.

anon77371365 · August 23, 2020, 7:06am

Try using a VpN

HaydenANG · August 23, 2020, 10:34am

It will be one of a few reasons

Your IP address has been blocked (This could be due to an ISP wide block, or a country wide block)
Your internet times our before it finishes the request.
You have a country wide firewall, Preventing access.

MAHOfficial · August 24, 2020, 4:14pm

Because your account might got banned by freenom.
Register a new account and then register domain from that account.

adisp007 · August 25, 2020, 2:43am

I though you already ask about it.
Have you tried my tips?

Fury_Phoenix · September 23, 2020, 6:42pm

Regarding twitter hackers, bitcoin is a very bad choice as it records are public. Next hackers that are smart would have used a VPN.

Oxy · September 24, 2020, 4:56pm

You can’t really hide,
and all pretty much depends on the type and size of the offense (how much resources a government service will spend to find you).

Maybe if you had a van with tinted windows, a good antenna and parked somewhere
and hacked someone else’s WIFI and carried out an attack via his network, and in addition, also had a custom OS that does not give any fingerprint and a browser similar to TOR, and, and…and ultimately a lot of money for various equipment and services.

There are two truths

information regarding an investigation which is served to us publicly
and (probably) the real truth is actually that the secret services and special forces have tools and knowledge of holes in various systems, decryption keys, interception of communication on major internet hubs, eavesdropping, AI, etc., that no one knows about it…

And then they tell us a story like:
some admin stated that someone had hacked his forum - it was probably some rival hacker group
who just dump DB just like that, so the FBI luckily accidentally found it…
(because the investigators must not say or admit that the FBI or some other service probably hacked that forum and the rest of stuff…got the necessary information and in the end find the culprits in these ways)…

Oxy · October 24, 2020, 12:37pm

TigerMANEK426 · October 24, 2020, 11:12pm

Yes

Oxy · January 14, 2021, 4:42pm

I was bothered by the result under the security section (score)
on sites like these https://www.webpagetest.org/ & https://securityheaders.com/

however with Cloudflare workers it is very easy to solve this problem

The example below is for those who know what they are doing and how to customize the code to fit their website - I am not responsible !

Cloudflare offers a free plan which contains

go to CF and select the workers section from the top menu

Create a worker

name it here

4.1 copy/paste this code (modify if necessary)

addEventListener('fetch', event => {
    event.respondWith(handleRequest(event.request));
  })

async function handleRequest(request) {
    const response = await fetch(request);
    return getSecuredResponse(response);
}

const securityHeaderMap = {
    "Strict-Transport-Security" : "max-age=2592000; includeSubDomains; preload",
    "Content-Security-Policy" : "upgrade-insecure-requests",
    "Feature-Policy" : "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'",
    "Referrer-Policy" : "strict-origin-when-cross-origin",
    "X-Content-Type-Options" : "nosniff",
    "X-Frame-Options" : "SAMEORIGIN",
    "X-Xss-Protection" : "1; mode=block"
};

const headerDeletionList = [
    "X-Powered-By"
];

async function getSecuredResponse(response) {
    let responseHeaders = new Headers(response.headers);

    // Return immediately if response is not 'text/html'
    if(isResponseContentTypeNotHtml(responseHeaders)) {
        return response;
    }

    // Add security headers to response.
    Object.entries(securityHeaderMap).map(([name, value]) => responseHeaders.set(name, value));

    // Delete headers from response.
    headerDeletionList.forEach(name => responseHeaders.delete(name));

    // Return response with modified headers.
    return new Response(response.body , {
        status: response.status,
        statusText: response.statusText,
        headers: responseHeaders
    });
}

function isResponseContentTypeNotHtml(headers) {
    const contentType = headers.get('content-type');
    return !contentType || !contentType.includes("text/html");
}

4.2 save

now it is necessary to tell the worker when it will be activated (add route)
select the workers tab again from the top menu

41031×585 69.5 KB

6.1 domain or all subdomains, etc… - consult here (click me)
6.2 the name of our worker
6.3 I chose not to throw out the error

validate (click me)

8. if it doesn’t work properly - edit the trigger or worker code

Good luck !

useful link OWASP Secure Headers Project | OWASP Foundation

anon77371365 · January 14, 2021, 4:44pm

Thanks Oxydac, I was thinking how to inject those headers while using GitHub Pages. thanks :)))

FlutterHoney · January 14, 2021, 9:26pm

You (previously) got D in Security zone?
I got F in First Byte Time
Press F

anon2458064 · January 15, 2021, 4:51am

F yes this is a complete sentence.

anon77371365 · January 15, 2021, 5:44am

Thanks @Oxy

yay!
"Permissions-Policy" : "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'",
Add this in too,

Oxy · January 15, 2021, 10:42am

HI

if you do not write the protocol in the address (no https )
then time is wasted on redirecting to https (301)

that’s why you’ve already lost a few dozen MS
so your grade was lower

in addition you have a WP that takes some time to generate

look at the address in my picture

btw. look here (click me) all marked in yellow (it takes a lot of time for gmaps, etc. )
and such things that you do not use or do not work properly for who knows what reasons need to be corrected

you’re welcome - if you’re happy, so am I

FlutterHoney · January 15, 2021, 11:10am

Thanks for your advice. I’ll look to it

Erraticstuff · January 15, 2021, 11:14am

because I’m building an web app I’m not gonna do that ^^^

anon77371365 · January 15, 2021, 1:48pm

Depends @Erraticstuff

Oxy · January 18, 2021, 4:18pm

Due to various optimizations and compressions; HTML comments are often not displayed (in my case Cloudflare).

So if you want to send a message to some thief, hacker, or whatever, you can also send it via the browser console.

<script>

      const OxyDacConsole='color:#ff680d;font-size:40px;font-weight:bold;';
	  const OxyDacTextConsole='color:#ff680d;font-size:14px;';
	  console.log('%c© Oxy Dac', OxyDacConsole);
	  console.log("%cAll rights reserved. If you alter, transform, build or republish this work you may distribute it only with copyright holder's explicit permission.",OxyDacTextConsole);
	  console.log('%cSee https://oxydac.cf/conditions.htm for more information.',OxyDacTextConsole);
	  
</script>

%c = directive to apply a CSS style to console output. The text before the directive will not be affected, but the text after the directive will be styled using the CSS declarations in the parameter

Of course you can also add background color, emojis, and so on.

Pay attention to choose the color of the text that is visible on a black or white background (depending on the user theme of the browser and OS).

It is best to minify the code and put it on the bottom in some external JS file ( all in one JS file ) which was always loaded on all pages anyway,
so that there are no additional calls in the HTML and that you don’t have to write code in every page you want it to appear on.

P.S. of course it can also be some funny message