Saucy uses Cloudflare
Full SSL (Strict) 256 Bit Encryption
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This secure link ensures that all data transferred remains private. It’s also called TLS (Transport Layer Security). Millions of websites use SSL encryption every day to secure connections and keep their customers’ data safe from monitoring and tampering. Full SSL (Strict) ensures a secure connection both between the visitor and your Cloudflare domain and between Cloudflare and your origin web server. Full (Strict) supports SSL hostname validation against CNAME targets.
PCI Compliance
TLS 1.2 is the bare minimum the website uses in order to meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data. TLS 1.0 and TLS 1.1 have known vulnerabilities and are insufficient for protecting payment card related traffic.
TLS 1.3
TLS 1.3 is the newest, fastest, and most secure version of the TLS protocol. SSL/TLS is the protocol that encrypts communication between users and the website. When web traffic is encrypted with TLS, users will see the padlock in their browser window. Traffic to and from the website will be served over TLS 1.3 when supported by clients.
Authenticated Origin Pulls
Authenticated Origin Pulls allows for verification that web requests to the origin server have come from Cloudflare. This prevents traffic from bypassing security measures provided by Cloudflare, such as IP and Web Application Firewalls, logging, and encryption. Cloudflare origin-pull servers present a TLS client certificate as part of connections to the origin. Web servers and other infrastructure can be configured to require client certificate authentication for connections.
Opportunistic Encryption
Opportunistic Encryption allows browsers to benefit from the improved performance of HTTP/2 by letting them know that your site is available over an encrypted connection. Browsers will continue to show “http” in the address bar, not “https”.
Automatic HTTPS Rewrites
Automatic HTTPS Rewrites helps fix mixed content by changing “http” to “https” for all resources or links on your web site that can be served with HTTPS.
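The rewrite described above only touches resources that can actually be served over HTTPS. The following Python sketch, added here as an illustration and not Cloudflare's or Saucy's code, shows the idea on a constructed HTML fragment; the allowlist of HTTPS-capable hosts is an assumption standing in for whatever list the real service consults.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed allowlist standing in for the "can be served with HTTPS" check.
# Assumption for this example; the real service keeps its own list.
HTTPS_CAPABLE_HOSTS = {"cdn.example.com", "fonts.example.org"}

# Matches src="..." or href='...' attribute values that start with http://
_ATTR_RE = re.compile(r"""\b(src|href)=(["'])(http://[^"']+)\2""", re.IGNORECASE)


def https_capable(url: str) -> bool:
    """True when the URL's host is known to serve the resource over HTTPS."""
    return urlsplit(url).hostname in HTTPS_CAPABLE_HOSTS


def rewrite_url(url: str) -> str:
    """Swap the scheme to https, leaving host, path and query untouched."""
    parts = urlsplit(url)
    return urlunsplit(("https",) + tuple(parts[1:]))


def rewrite_mixed_content(html: str) -> tuple[str, list[str]]:
    """Return the rewritten HTML and the list of URLs that were changed.

    Resources on hosts that are not known to support HTTPS are left alone,
    because rewriting them would break the page instead of fixing it.
    """
    changed: list[str] = []

    def repl(m: re.Match) -> str:
        attr, quote, url = m.groups()
        if https_capable(url):
            changed.append(url)
            return f"{attr}={quote}{rewrite_url(url)}{quote}"
        return m.group(0)

    return _ATTR_RE.sub(repl, html), changed


# Constructed sample page with two rewritable resources and one that is not.
SAMPLE_HTML = """<img src="http://cdn.example.com/logo.png">
<script src="http://legacy.example.net/app.js"></script>
<link href='http://fonts.example.org/site.css' rel="stylesheet">"""

if __name__ == "__main__":
    out, changed = rewrite_mixed_content(SAMPLE_HTML)
    print(out)
    print("rewritten:", changed)
```

Only the `cdn.example.com` and `fonts.example.org` references are upgraded; the `legacy.example.net` script stays on plain HTTP and would still be reported as mixed content by the browser, which is the case a deployment needs to catch and fix at the source.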
DDoS Protection
- HTTP Flood: prevents attacks caused by a flood of HTTP requests.
- UDP Flood: prevents attacks caused by a flood of UDP packets.
- SYN Flood: prevents attacks caused by a flood of TCP packets sent with the SYN flag.
- ACK Flood: prevents attacks caused by a flood of TCP packets sent with the ACK flag.
- QUIC Flood: prevents attacks caused by a flood of QUIC requests.
Web Application Firewall
Saucy has its own Web Application Firewall (WAF) to increase security.
Bot Fight Mode
Saucy keeps out known bots and presents suspicious users with a Managed Challenge by Cloudflare.
Rate Limiting
If the rate exceeds 5 requests per 10 seconds for verified bots, the user will be rate limited.
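To make the rule concrete, here is an added Python example (not Cloudflare's implementation) of a per-client sliding-window limiter configured to the page's 5 requests per 10 seconds. Whether Cloudflare counts with a sliding or a fixed window is not stated on the page, so the sliding window is an assumption; the events are constructed.

```python
from collections import deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each client key."""

    def __init__(self, limit: int = 5, window: float = 10.0):
        self.limit = limit
        self.window = window
        self._hits: dict[str, deque] = {}

    def allow(self, key: str, now: float) -> bool:
        """Record a request at time `now` and report whether it is within the limit."""
        q = self._hits.setdefault(key, deque())
        # Evict timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # rate limited; the rejected request is not counted
        q.append(now)
        return True


def simulate(events: list[tuple[float, str]]) -> list[bool]:
    """Feed (timestamp, client-key) events through a 5-per-10s limiter."""
    limiter = SlidingWindowLimiter(limit=5, window=10.0)
    return [limiter.allow(key, t) for t, key in events]


# Constructed traffic: bot-a sends six requests in five seconds, then one more
# at t=10 once its first request has left the window; bot-b is independent.
EVENTS = [
    (0.0, "bot-a"), (1.0, "bot-a"), (2.0, "bot-a"), (3.0, "bot-a"), (4.0, "bot-a"),
    (5.0, "bot-a"),  # sixth request inside the window: limited
    (5.0, "bot-b"),  # different client, unaffected
    (10.0, "bot-a"),  # request from t=0 has expired: allowed again
]

if __name__ == "__main__":
    for (t, key), ok in zip(EVENTS, simulate(EVENTS)):
        print(f"t={t:5.1f} {key}: {'allowed' if ok else 'rate limited'}")
```

Keying on the client identity matters: the page's rule is per verified bot, so one noisy bot must not consume the budget of another, which is why the limiter keeps a separate queue per key.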
HSTS
HTTP Strict Transport Security (HSTS, RFC 6797) is a header which allows a website to specify and enforce security policy in client web browsers. This policy enforcement protects secure websites from downgrade attacks, SSL stripping, and cookie hijacking. It allows a web server to declare a policy that browsers will only connect using secure HTTPS connections, and ensures end users do not “click through” critical security warnings. HSTS is an important security mechanism for high security websites. HSTS headers are only respected when served over HTTPS connections, not HTTP.
DNSSEC
DNSSEC protects against forged DNS answers. DNSSEC protected zones are cryptographically signed to ensure the DNS records received are identical to the DNS records published by the domain owner.
X-Frame-Options
X-Frame-Options are set to DENY & SAMEORIGIN.
X-XSS-Protection
Set to X-XSS-Protection: 1 to prevent cross-site scripting (XSS) attacks.
Content Security Policy (CSP)
Saucy has a Content Security Policy.
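The HSTS, X-Frame-Options, X-XSS-Protection and CSP sections above each describe one response header. The following Python auditor, added here as an example and not part of the site's or Cloudflare's tooling, parses a captured header block and reports which of those expectations fail; the two header sets are constructed, and the check that HSTS is only honoured over HTTPS reflects the caveat stated in the HSTS section.

```python
def parse_header_block(raw: str) -> dict[str, list[str]]:
    """Parse 'Name: value' lines into lower-cased name -> list of values."""
    headers: dict[str, list[str]] = {}
    for line in raw.strip().splitlines():
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def parse_hsts(value: str) -> dict[str, object]:
    """Split an HSTS value into its directives (max-age, includeSubDomains, preload)."""
    directives: dict[str, object] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, val = part.partition("=")
        directives[key.strip().lower()] = val.strip().strip('"') if val else True
    return directives


def audit(raw: str, over_https: bool) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: list[str] = []
    h = parse_header_block(raw)

    hsts = h.get("strict-transport-security")
    if not hsts:
        findings.append("HSTS missing")
    else:
        d = parse_hsts(hsts[0])
        try:
            max_age = int(str(d.get("max-age", "")))
        except ValueError:
            max_age = -1
        if max_age < 0:
            findings.append("HSTS max-age missing or invalid")
        # Browsers ignore HSTS received over plain HTTP (RFC 6797).
        if not over_https:
            findings.append("HSTS served over HTTP is ignored by browsers")

    xfo = h.get("x-frame-options", [])
    # The header is defined to carry exactly one value, DENY or SAMEORIGIN.
    if not xfo:
        findings.append("X-Frame-Options missing")
    elif len(xfo) != 1 or xfo[0].upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X-Frame-Options unexpected value(s): {xfo}")

    xss = h.get("x-xss-protection", [])
    # Legacy header: current Chromium and Firefox do not act on it; CSP is the
    # effective XSS control, which is why the CSP check below is the important one.
    if not xss or not xss[0].startswith("1"):
        findings.append("X-XSS-Protection not set to 1")

    csp = h.get("content-security-policy", [])
    if not csp:
        findings.append("Content-Security-Policy missing")
    elif "default-src" not in csp[0]:
        findings.append("CSP has no default-src fallback")

    return findings


# Constructed header sets: one matching the sections above, one clearly weak.
GOOD_HEADERS = """Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self'"""

WEAK_HEADERS = """X-Frame-Options: ALLOWALL
X-XSS-Protection: 0"""

if __name__ == "__main__":
    print("good:", audit(GOOD_HEADERS, over_https=True))
    print("weak:", audit(WEAK_HEADERS, over_https=True))
```

Run against a real capture, the `over_https` flag should be set from the scheme the response was actually fetched over, since a correct HSTS header on an HTTP response is a finding in itself.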
Security Scans
SSL Check 1
SSL Check 2
Vulnerabilities Sca