- https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning
- https://raymii.org/s/articles/HTTP_Public_Key_Pinning_Extension_HPKP.html
  (Caveat: HPKP has since been removed from Chrome and Firefox, and a wrong or stale pin locks visitors out of the site until its max-age expires, so treat these two links as background reading rather than a current recommendation.)
/etc/ufw/before.rules
- ICMP rules: change the ACCEPT target to DROP, or remove the rules entirely [Ubuntu]. Dropping only echo-request stops the host answering ping; dropping destination-unreachable and time-exceeded as well breaks path-MTU discovery and traceroute from the host, so do that only if you accept the consequences. Run `ufw reload` after editing.
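The edit above, as an added example rather than anything from the page: a small POSIX shell script that rewrites the ICMP ACCEPT rules in a before.rules file to DROP, either only for echo-request (ping) or for every ICMP type. The stanza it operates on is a constructed copy of the stock Ubuntu ICMP section; the file path, function names and the .bak backup are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the page): flip the ICMP rules in a ufw before.rules
# file from ACCEPT to DROP. The stanza below is a constructed copy of the stock
# Ubuntu ICMP section; on a real host pass /etc/ufw/before.rules and then run
# `ufw reload`.

# Constructed sample of the "ok icmp codes for INPUT" block in before.rules.
sample_before_rules() {
    cat <<'EOF'
*filter
:ufw-before-input - [0:0]
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# drop_icmp_echo FILE: stop answering ping but keep the error-reporting ICMP
# types (destination-unreachable, time-exceeded) that path-MTU discovery needs.
# A FILE.bak copy is left beside the edited file.
drop_icmp_echo() {
    sed -i.bak -e '/-p icmp --icmp-type echo-request -j ACCEPT$/ s/-j ACCEPT$/-j DROP/' "$1"
}

# drop_all_icmp FILE: the page's stricter variant, every ICMP ACCEPT -> DROP.
drop_all_icmp() {
    sed -i.bak -e '/-p icmp --icmp-type .* -j ACCEPT$/ s/-j ACCEPT$/-j DROP/' "$1"
}

# count_icmp_target FILE TARGET: number of ICMP rules that jump to TARGET,
# handy for confirming the edit before reloading the firewall.
count_icmp_target() {
    grep -c -- "-p icmp .* -j $2\$" "$1" || true
}

# Usage on a real host (needs root):
#   drop_icmp_echo /etc/ufw/before.rules && ufw reload
```

Check the counts before and after with `count_icmp_target` so a typo in the sed pattern does not leave you reloading an unchanged file; and keep the .bak around until ping and traceroute behave the way you expect.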
- Disable (ideally all) 3rd-party scripts on pages that carry sensitive parameters in the URL, to prevent cross-domain Referer leakage. A `Referrer-Policy` header limits what the browser puts in the Referer header, but a script loaded into the page can still read `location.href` itself, so removing the scripts is the stronger control.
- Always set cookies with the HttpOnly and Secure flags.
- Always change the session cookie name per project; framework defaults such as PHPSESSID advertise the stack in every response.
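A check for the two cookie points above, added here as an example and not taken from the page: a POSIX shell function that reads raw HTTP response headers, reports every Set-Cookie lacking HttpOnly or Secure, and warns when the cookie still carries a framework-default session name. The sample response is constructed, the hostname example.test is a placeholder, and the list of default names is this example's own.

```shell
#!/bin/sh
# Added example (not from the page): audit Set-Cookie headers for the HttpOnly
# and Secure flags and for framework-default session cookie names. The response
# below is constructed; on a live host feed it real headers, e.g.
#   curl -sI https://example.test/login | check_cookie_flags
# (example.test is a placeholder hostname).

# Well-known default session cookie names that identify the server stack.
DEFAULT_SESSION_NAMES="PHPSESSID JSESSIONID ASP.NET_SessionId CFID"

# Constructed sample response headers: one bare cookie, one done right, one
# missing HttpOnly.
sample_headers() {
    cat <<'EOF'
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: PHPSESSID=abc123; Path=/
Set-Cookie: app_sid=def456; Path=/; Secure; HttpOnly; SameSite=Lax
Set-Cookie: prefs=dark; Path=/; Secure
EOF
}

# check_cookie_flags: read raw response headers on stdin, print one line per
# cookie ("name: ok" or "name: missing HttpOnly Secure") plus a warning for
# default session cookie names.
check_cookie_flags() {
    tr -d '\r' | grep -i '^set-cookie:' | while IFS= read -r line; do
        value=${line#*:}                                   # after "Set-Cookie:"
        name=$(printf '%s' "$value" | sed 's/^[[:space:]]*//; s/[=;].*//')
        missing=""
        # Attributes are ";"-separated; match the flag as a whole attribute,
        # case-insensitively, so "Secure" is not confused with e.g. "SecureX".
        printf '%s' "$value" | grep -Eqi ';[[:space:]]*httponly[[:space:]]*(;|$)' \
            || missing="$missing HttpOnly"
        printf '%s' "$value" | grep -Eqi ';[[:space:]]*secure[[:space:]]*(;|$)' \
            || missing="$missing Secure"
        if [ -n "$missing" ]; then
            printf '%s: missing%s\n' "$name" "$missing"
        else
            printf '%s: ok\n' "$name"
        fi
        case " $DEFAULT_SESSION_NAMES " in
            *" $name "*) printf '%s: default session name, rename per project\n' "$name" ;;
        esac
    done
}
```

Run it against the login page and any endpoint that sets the session cookie; a `curl -sI` only shows headers for the URL you hit, so check the response that actually creates the session, not just the front page.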
We follow the advice given in the above articles at Bigger Picture to achieve A+ security ratings from HT Bridge and the other one.