nditcommunity / nditcommunity.github.io

Website for Neurodiversity In Tech
https://nditcommunity.github.io
MIT License

Assess site security #28

Open hayleyw7 opened 5 months ago

royemosby commented 5 months ago

GH pages and Netlify deploys are https by default and have their own automated cert update process.

marcusolsson commented 5 months ago

Right now we're using mailto: links with the contact email, which means that email harvesters may pick it up to send spam. There have also been a few vulnerabilities related to mailto links.

If it's important that visitors can contact the team using email, we could also consider a contact form. Netlify Forms looks like a good solution since we don't have a backend (though I've never used it myself).
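A minimal Netlify Forms contact form, added here as an illustration of the form-based alternative to a mailto: link; it is not code from the site or from the commenter, and the field names, the honeypot field name and the /thanks redirect are assumptions:

```html
<!-- Contact form handled by Netlify Forms: the contact address never appears in the page
     source, so there is no mailto: link for a harvester to scrape.
     Assumed names: form "contact", fields name/email/message, honeypot "bot-field". -->
<form name="contact" method="POST" action="/thanks" data-netlify="true" netlify-honeypot="bot-field">
  <!-- Netlify uses this hidden field to match the submission to the form named above -->
  <input type="hidden" name="form-name" value="contact">
  <!-- Honeypot: hidden from people but filled in by bots; Netlify discards
       any submission where this field is non-empty -->
  <p hidden>
    <label>Leave this empty: <input name="bot-field"></label>
  </p>
  <p><label>Name <input type="text" name="name" required></label></p>
  <p><label>Email <input type="email" name="email" required></label></p>
  <p><label>Message <textarea name="message" required></textarea></label></p>
  <button type="submit">Send</button>
</form>
```

Submissions are then read from the Netlify dashboard or forwarded by its notification settings, so the team's address stays out of the published HTML.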

hayleyw7 commented 5 months ago

@marcusolsson Good insights! I personally hate when a website only has a form when I'm a user (instead of actual contact info), but I'm unsure how many people share that sentiment.

marcusolsson commented 5 months ago

I don't disagree 🙂 Just thought I'd at least mention it. AFAIK the attack vector is more client side.