## CSP-Active

be sure to look here:

https://github.com/nico3333fr/CSP-useful/blob/master/csp-wtf/explained.md

Also make sure you log:

https://mgdm.net/weblog/csp-logging-with-nginx/

useful: 

https://www.troyhunt.com/locking-down-your-website-scripts-with-csp-hashes-nonces-and-report-uri/
https://www.troyhunt.com/how-chromes-buggy-content-security-policy-implementation-cost-me-money/
https://www.uriports.com/blog/creating-a-content-security-policy-csp/
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
https://cspscanner.com/?q=https%3A%2F%2Fluxagraf.net

## You Don't Need Cloudfront

https://www.freecodecamp.org/news/do-not-use-s3-for-static-assets/

## Mx Route Email Notes

had to split domain key dkim value for Route53: https://aws.amazon.com/premiumsupport/knowledge-center/route53-resolve-dkim-text-record-error/