This page describes Fediview’s approach to security and provides guidance for reporting potential vulnerabilities.

Our Security Approach

Fediview is a static informational website with no user accounts, databases, or dynamic application logic. Our security considerations focus on:

  • Maintaining content integrity
  • Protecting visitors from malicious content
  • Securing our hosting and deployment processes
  • Responding appropriately to reported issues

Infrastructure Security

Hosting: We use Cloudflare Pages for hosting, which provides:

  • DDoS protection
  • Automatic HTTPS
  • Edge caching
  • Web application firewall capabilities

Deployment: Our deployment process uses:

  • Source control for all changes
  • Automated builds from version control
  • No direct server access needed

Content Security

We implement security headers including:

  • Content-Security-Policy to control resource loading
  • X-Content-Type-Options to prevent MIME sniffing
  • X-Frame-Options to prevent clickjacking
  • Referrer-Policy to control referrer information

No User Data

We don’t operate user accounts or store personal data beyond:

  • Standard server logs (IP addresses, timestamps)
  • Email correspondence if you contact us

Reporting Security Issues

If you discover a security vulnerability affecting Fediview, please report it responsibly.

What to Report

  • Vulnerabilities in our website or hosting configuration
  • Security misconfigurations exposing data
  • Issues with our content that could harm visitors
  • Problems with third-party resources we embed (if any)

How to Report

Email: security@fediview.com

Include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Your contact information (optional but helpful)

What to Expect

  • Acknowledgment: We’ll confirm receipt within 48 hours
  • Assessment: We’ll evaluate severity and validity
  • Updates: We’ll keep you informed of progress
  • Resolution: We’ll fix valid issues as quickly as possible
  • Credit: We’ll acknowledge your report (if desired) once resolved

What We Ask

  • Give us reasonable time to address issues before public disclosure
  • Avoid accessing or modifying others’ data
  • Don’t disrupt our services while testing
  • Act in good faith throughout the process

security.txt

We maintain a security.txt file at:

This follows the security.txt standard for security contact information.

Threat Model

Understanding what we protect against:

In Scope

  • Content injection or modification
  • Redirect vulnerabilities
  • Information disclosure from hosting
  • SSL/TLS configuration issues
  • Security header misconfigurations

Out of Scope

  • Vulnerabilities in third-party services we mention (report to them directly)
  • Social engineering attacks on us (we have processes for verification)
  • Physical security of our infrastructure (managed by hosting provider)
  • Denial of service (mitigated by Cloudflare)

For Fediverse Users: General Security Guidance

While not specific to Fediview, here’s security guidance for fediverse users:

Account Security

  • Use strong, unique passwords
  • Enable two-factor authentication if available
  • Review authorized applications regularly
  • Revoke access for apps you no longer use

Instance Selection

  • Choose instances with clear security practices
  • Verify HTTPS is properly configured
  • Consider the instance administrator’s track record
  • Understand the instance’s backup and data policies

Client Security

  • Use clients from reputable sources
  • Keep applications updated
  • Review permissions requested by clients
  • Be cautious with new or unknown tools

Content Security

  • Don’t click suspicious links
  • Verify accounts before interacting (impersonation exists)
  • Be cautious with direct messages from strangers
  • Report phishing attempts to instance administrators

Secure Communication

If you need to communicate sensitive information:

Email: Use security@fediview.com

We don’t currently offer PGP encryption for email, but we can arrange alternative secure channels for sensitive reports if needed.

Incident Response

If we discover a security incident affecting visitors:

  1. We’ll assess the scope and impact
  2. We’ll take immediate remediation steps
  3. We’ll notify affected parties if applicable
  4. We’ll document the incident and response
  5. We’ll implement measures to prevent recurrence

Updates to This Policy

We may update this security page as our practices evolve. Significant changes will be noted in our changelog.

Questions

For security-related questions that aren’t vulnerability reports, you can also reach us through our contact page.


Last updated: January 3, 2026