Security topic explainers
Long-form background on the controls Scorifya checks for — what each one does, why it exists, and how to think about rolling it out. Each topic links to the action-oriented check pages and stack guides for hands-on rollout.
What is Content Security Policy (CSP)? A practical explainer
An accessible explanation of Content Security Policy: what it does, why it exists, the directives that matter, and how to roll one out without breaking your app.
What is HSTS? HTTP Strict Transport Security explained
How HSTS works, why the bootstrap window matters, what max-age and includeSubDomains do, and when (or whether) to submit your domain to the browser preload list.
CORS explained: how cross-origin requests actually work
A practical explainer of CORS — same-origin policy, preflight requests, the headers that matter, and the configurations that quietly break security.
DMARC, SPF, and DKIM explained: the email authentication trio
A practical guide to email authentication: what SPF, DKIM, and DMARC each do, why all three are needed, and how to roll out a DMARC policy that actually blocks spoofed mail.
TLS versions explained: 1.0, 1.1, 1.2, 1.3 and what to disable
What's actually different between TLS 1.0, 1.1, 1.2, and 1.3 — cipher suites, forward secrecy, performance — and which versions to disable for compliance and security.