Sovereign Security: Dashboard
A living, opinionated checklist of transport, email, and web security for this domain. This page is generated periodically by open‑source scanners on my cron box and rebuilt as a static page. A one‑stop view I can check at a glance.
It isn’t meant to be exhaustive or cover every RFC corner case. It highlights:
- the essentials I consider baseline security, and
- the things I personally care about or just think are cool.
It was born out of a frustration of having to check 10 different tools for 5 different domains, some of which were too deep. I wanted a dashboard that showed 10 domains at a high level and then allowed digging into raw repots if I want.
Today it covers TLS/transport, email posture, security headers, and Lighthouse top‑line scores. Over time I’ll extend it with basic SEO signals, .well-known checks, DNS hygiene, performance budgets, and user‑respecting choices (no trackers, minimal JS).
All of this is publicly discoverable anyway, so I’d rather publish it myself. For transparency, the raw reports are linked at the bottom.
Transport Security A+
- ✅ TLS grade A+
- ✅ TLS 1.3 enabled
- ✅ TLS 1.2 enabled
- ✅ No SSLv3/TLS1.0/1.1
- ✅ No weak ciphers
- ✅ Perfect Forward Secrecy
- ✅ HTTP/2
- ✅ HTTP/3 / QUIC
- ✅ OCSP stapling
Email Security
- ✅ SPF
v=spf1 -all - ✅ DMARC (missing)
- ✅ MTA-STS
- ✅ TLS-RPT
- ✅ BIMI → logo
Web Security Headers
- ✅ HSTS max-age ≥ 15552000
- ✅ HSTS includeSubDomains
- ✅ HSTS preload
- ✅ Content-Security-Policy
- ✅ Referrer-Policy
- ✅ Permissions-Policy
- ✅ X-Frame-Options
- ✅ X-Content-Type-Options
- ✅ Cache-Control
Lighthouse
- ✅ Performance ≥ 90 (100)
- ✅ SEO ≥ 90 (100)
- ✅ Best Practices ≥ 90 (96)
- ✅ Accessibility ≥ 90 (100)