Security Center
Windows used to greet you with three green shields. Here is the honest version for this site: what actually guards it, and what each layer really does.
Cloudflare edge. Every request hits Cloudflare's network before it reaches the origin, so the edge filters traffic, terminates TLS, and absorbs DDoS attempts before they get near me. You reached this page through colo CMH over HTTP/2, TLSv1.3.
Deploy-time delivery. Every deploy purges the edge, shared assets carry short revalidating caches, and pages ship origin-fresh, so a return visit picks up changes without a hard reload and there is no second cache to go stale. (A service worker used to do this job; it retired in v136 because the platform now covers it.) See the recent installs in Windows Update.
Bot management and Web Bot Auth. Cloudflare scores incoming bots. This site signs its own crawler's outbound requests per RFC 9421 and publishes the key at
/.well-known/http-message-signatures-directory, so a site receiving a request can verify it really came from here.Header & transport details
- Content-Security-Policy
- default-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
- Permissions-Policy
- camera, microphone, geolocation, USB, FLoC + 10 more: all denied
- X-Frame-Options
- DENY
- X-Content-Type-Options
- nosniff
- Referrer-Policy
- strict-origin-when-cross-origin
- DNSSEC
- signed (ECDSAP256SHA256, DS at the registrar)
- Content Signals
- search, ai-input, ai-train: all yes (deliberately open)
- This connection
- HTTP/2 · TLSv1.3
Read-only, nothing logged or stored. System Properties shows what your specific request revealed.