Website security

CMSPro public website security

This page summarizes security practices for the public marketing website at www.cmspro.co. It does not replace the product security documentation, customer agreement, or in-app policies for CMSPro application environments such as app.cmspro.co or app1.cmspro.co.

Please do not submit production crew records, identity documents, payroll data, or other sensitive operational data through public website forms.

Transport and browser protections

The public website is served over HTTPS and uses security-focused response headers, including content security controls, clickjacking protection, referrer limits, and browser permission restrictions where appropriate.

Form and abuse protection

Public forms are protected with server-side validation, CSRF checks, size limits, and anti-abuse controls. Form submissions are intended for legitimate business inquiries only.

Minimal website data handling

The public website is designed to collect only limited inquiry and technical information needed to respond to requests, operate the site, and investigate abuse or security events.

Server-side logging

Security-relevant website events are logged server-side. Sensitive credentials, secrets, and internal error details should not be exposed through public browser responses.

Responsible disclosure

To report a security concern related to the public website, contact [email protected]. Privacy requests can be sent to [email protected].