<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Security-Headers on Bill's Blog</title><link>https://billalrehmani.pages.dev/tags/security-headers/</link><description>Recent content in Security-Headers on Bill's Blog</description><image><title>Bill's Blog</title><url>https://billalrehmani.pages.dev/images/eft-bg.jpg</url><link>https://billalrehmani.pages.dev/images/eft-bg.jpg</link></image><generator>Hugo</generator><language>en-AU</language><lastBuildDate>Sun, 12 Jul 2026 23:29:00 +1000</lastBuildDate><atom:link href="https://billalrehmani.pages.dev/tags/security-headers/index.xml" rel="self" type="application/rss+xml"/><item><title>Moving the Blog off GitHub Pages — for Real Security Headers</title><link>https://billalrehmani.pages.dev/posts/cloudflare-pages-migration-security-headers/</link><pubDate>Sun, 12 Jul 2026 23:29:00 +1000</pubDate><guid>https://billalrehmani.pages.dev/posts/cloudflare-pages-migration-security-headers/</guid><description>Why I moved this Hugo blog from GitHub Pages to Cloudflare Pages: GitHub Pages can&amp;#39;t set custom HTTP response headers, so a meta-tag CSP was as far as my security posture could go.</description></item></channel></rss>