Security
Security Practices
Lone Star ITS uses a static GitHub Pages website, HTTPS enforcement, restrictive page-level security headers, a least-privilege contact form, and a Cloudflare Worker proxy for the chat assistant so browser code does not expose AI provider API keys.
Visitors should never send passwords, MFA codes, API keys, private keys, recovery phrases, or other credentials through the contact form or chat widget. If support work requires credential handling, use an agreed secure process outside the public website.
Responsible disclosure: if you believe this website exposes sensitive data or has a security issue, use the Contact page and include a concise, non-destructive description. Do not access, modify, delete, or exfiltrate data.
Operational recommendations before production launch: enable GitHub Pages HTTPS, verify the custom domain in GitHub, keep DNS records minimal, rotate any old Worker/API secrets, set Cloudflare Worker secrets with environment variables only, and review third-party processors such as Formspree.
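The proxy pattern described above (a Cloudflare Worker holding the AI provider key, with the secret read from the Worker environment) can be sketched as follows. This is an added example, not the site's own code; the origin, upstream URL, `AI_API_KEY` binding name and JSON shapes are assumptions.

```javascript
// Added example. ALLOWED_ORIGIN, UPSTREAM_URL, AI_API_KEY and the JSON shapes
// are assumptions (constructed placeholders), not values from the site.
const ALLOWED_ORIGIN = "https://www.example.com";
const UPSTREAM_URL = "https://ai-provider.example/v1/chat";
const MAX_BODY_CHARS = 4096;

function reply(status, body) {
  return new Response(JSON.stringify(body), {
    status,
    headers: {
      "Content-Type": "application/json",
      "Access-Control-Allow-Origin": ALLOWED_ORIGIN,
      "Vary": "Origin",
    },
  });
}

// upstreamFetch is injectable so the handler can be exercised offline.
async function handleChat(request, env, upstreamFetch = fetch) {
  if (request.headers.get("Origin") !== ALLOWED_ORIGIN) {
    return reply(403, { error: "origin not allowed" });
  }
  if (request.method !== "POST") return reply(405, { error: "POST only" });

  const text = await request.text();
  if (text.length > MAX_BODY_CHARS) return reply(413, { error: "too large" });
  let message;
  try { message = JSON.parse(text).message; } catch { message = undefined; }
  if (typeof message !== "string" || message === "") {
    return reply(400, { error: "message must be a non-empty string" });
  }
  // Secret comes from the Worker environment; fail closed if it is missing.
  if (!env.AI_API_KEY) return reply(500, { error: "proxy not configured" });

  // The key is attached here, server-side, and never sent to the browser.
  const upstream = await upstreamFetch(UPSTREAM_URL, {
    method: "POST",
    headers: {
      "Authorization": `Bearer ${env.AI_API_KEY}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ message }),
  });
  if (!upstream.ok) return reply(502, { error: "upstream error" });
  const data = await upstream.json();
  // Return only the field the widget needs, not upstream headers or body.
  return reply(200, { reply: String(data?.reply ?? "") });
}
// Worker wiring: export default { fetch: (req, env) => handleChat(req, env) };
```

The `Origin` check only keeps other sites' browser code from calling the proxy; non-browser clients can set any header, so rate limiting on the Worker route is still needed.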
