I figured it was about time for this Gentoo powered blog to enjoy the security and performance enhancements provided by TLSv1.3. However, that meant leaving “Gentoo stable” behind and travel on a journey of discovery into the land of the unmasked and dangerous.

I was unaware that Facebook recently had started to add a unique click identifier to all outbound links on facebook.com. Coincidentally, one of the security measures of this server is to disallow query strings as part of the URL. Thus, any visitors coming over from Facebook were suddenly blocked and banned on sight.

I’m currently experimenting with a few rule conditions to explicitly whitelist the resources I want clients to be able to retrieve on my server. The initial target for this exercise was my onion site which has an issue with misbehaving (poorly written) Tor bots, but I thought it would be fun to extend the experiment to paranoidpenguin.net.

Having a strict content Content Security Policy (CSP) can be a useful addition for your website security. However, when running a content management system (CMS) like WordPress, you’re often forced to make a few a undesired compromises.