Lone Star ITS blue star logo mark Lone StarITS

Security

Security-first website practices.

How Lone Star ITS protects this static site and how visitors should handle sensitive information.

Lone Star ITS logo

Security

Security Practices

Lone Star ITS uses a static GitHub Pages website, HTTPS enforcement, restrictive page-level security headers, a least-privilege contact form, and a Cloudflare Worker proxy for the chat assistant so browser code does not expose AI provider API keys.

Visitors should never send passwords, MFA codes, API keys, private keys, recovery phrases, or other credentials through the contact form or chat widget. If support work requires credential handling, use an agreed secure process outside the public website.

Responsible disclosure: if you believe this website exposes sensitive data or has a security issue, use the Contact page and include a concise, non-destructive description. Do not access, modify, delete, or exfiltrate data.

Operational recommendations before production launch: enable GitHub Pages HTTPS, verify the custom domain in GitHub, keep DNS records minimal, rotate any old Worker/API secrets, set Cloudflare Worker secrets with environment variables only, and review third-party processors such as Formspree.