About this website

I take pride in making my website perform as well as it possibly could, while staying practical about it.

Type What?
DNSSEC Enabled. Private key can't be leaked (stored in a HSM).
IP Protocols IPv6 (anycast, faster!)
IPv4 (unicast)
Running on nginx (mainline)
Built with Grav
Backed by PHP 7.3
Protocol negotiation methods ALPN, NPN.
Communication Protocols HTTP/2 (& SPDY/3.1)
HTTP/1.1
HTTP/1.0
QUIC (currently researching options)
Compression methods (resources only) Brotli (static and dynamic)
gzip (static and dynamic)
SSL Required Yes, full redirect with HSTS-header. Subdomains included.
SSL Dynamic Record Sizing Disabled. Enabled, from 1369 to 4229 bytes. Max buffer is 16k.
SSL Protocols TLSv1.3 (final version only - not supported by major browsers yet)
TLSv1.2
SSL Certificate Provider Let's Encrypt (CAA-record enabled, secured with DNSSEC).
SSL Certificate Types 384-bit Elliptic Curve with SHA256+RSA signature.
SSL Certificate TLSA/DANE Enabled (Setting: '1 1 1'). Temporarily disabled.
SSL Stapling Not required by certificates, but enabled with verification.
SSL ECDH Curves SECP384R1
X25519
SSL Ciphers (TLS 1.3) AES-128-GCM-SHA256 (fastest for desktops)
AES-256-GCM-SHA384
CHACHA20-POLY1305-SHA256 (fastest for mobile)
SSL Ciphers (TLS 1.2) EECDH+AESGCM
EDH+AESGCM
AES256+EECDH
AES256+EDH