From 35f926e00e8d6466803e6c869e7a555bec7a9e4c Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Tue, 23 Mar 2021 10:11:24 -0400
Subject: [PATCH] list more web service / site security features

---
 static/features.html | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/static/features.html b/static/features.html
index 44633f19..f2a8adfc 100644
--- a/static/features.html
+++ b/static/features.html
@@ -210,7 +210,12 @@
                     <li>Authenticated encryption for all of our services</li>
                     <li>Strong cipher configurations for all of our services (SSH, TLS, etc.) with
                     only modern AEAD ciphers providing forward secrecy</li>
-                    <li>Our web services use OCSP stapling with Must-Staple</li>
+                    <li>Our web services use robust OCSP stapling with Must-Staple</li>
+                    <li>Our web sites do not include any third party content and entirely forbid
+                    it via strict Content Security Policy rules</li>
+                    <li>Our web sites disable referrer headers to maximize privacy</li>
+                    <li>Our web sites fully enable cross origin isolation and disable embedding in
+                    other content</li>
                     <li>DNSSEC implemented for all of our domains</li>
                     <li>DNS Certification Authority Authorization (CAA) records for all of our
                     domains permitting only Let's Encrypt to issue certificates with fully