Changelog

12/04/2026

Added automatic script to server (cron job) which runs once an hour checking for a file indicating that the site should be rebuilt. This allows making changes to the site and having them built without needing to connect to the server.

For security reasons, I did it this way to avoid opening an incoming port on the server.

06/04/2026

Completed move of hosting to Debian 13 based server, still with Hetzner. No visual change.

23/03/2026

Changed the barchart styling to not use inline CSS. No visual change.

22/03/2026

Added Subresource Integrity to relevant LINK and SCRIPT tags.

This added an extra 5 points to my score on the HTTP Observatory.

09/09/2025

Added some basic pseudo privacy features.

02/09/2025

Added permissions-policy header setting.

15/06/2025

Removed double slashes from the canonical url of the pages.

14/06/2025

Modified CSS files slightly as previous changed had broken the style picker.

Update theme picker to not use inline JavaScript as this was throwing console errors due to the script security policy of the site.

07/06/2025

Added dimensions to footer images to improve lighthouse speed score.

Merged CSS files into one file to improve lighthouse LCP values on mobile devices.

26/05/2025 - 2

Modified Bac calculator to no longer use the eval statement. So I can remove the unsafe-eval statement in the CSP. My score is back 120.

26/05/2025 - 1

Added 'unsafe-eval' to script-self for the import function on the bac marks calculator to work. This knocks my score down from 120 to 110, but it remains an A+ security rating.

This imports a JSON string of your entries so that they can saved and reimported later.By setting unsafe-eval the browser is allowed to evaluate user generated JavaScript. Since I only have one page which needs to do this I decided it's OK. And again: This is after all a personal blog using static pages only.

24/05/2025

Updated the Bac calculator to not use inline Javascript, which is prevented by my Content Security Policy.

31/03/2025

Added 'unsafe-inline' to style-self for the barcharts to work at the bottom of the archive pages. This knocks my Mozilla's HTTP Observatory score down from 130 to 120, but it's still an A+ security rating.

The risk with this setting is that the look and feel could potentially be altered through injection of inline CSS, but since the site is securely served using HTTPS, that seems unlikely and even if it did occur, not too serious. This is after all a personal blog using static pages only.