Security is our #1 priority. When running a large e-commerce website, bad actors are relentlessly trying to infiltrate and figure out ways to steal personal information. And unfortunately, these bad actors get more sophisticated over time.
Our Website Security Measures
At Pure CBD Now, we take many steps to prevent theft and hacking of personal information. In fact, we’re willing to bet that we are the safest and most secure CBD site on the internet. We’ve manually audited the security of many other large CBD sites and retailers to improve our own security. Our employees use enterprise-grade multi-step authentication to prevent hackers from gaining unauthorized access to our customer information in case credentials become compromised. On the front end, we use CAPTCHAs and limit login attempts to prevent bots from brute-forcing passwords or creating fake accounts.
All interactions, including those with personal information and credit card information, are safe, secure, and encrypted with the latest TLS encryption (often referred to as SSL). Our website is protected against attacks such as clickjacking, cross-site scripting (XSS), man-in-the-middle attacks, and more. We don’t expect anybody outside of IT to understand what this terminology means but rest assured that we take aggressive security measures to protect your information. We have a grade of “A” from securityheaders.com. Many of our competitors don’t do very well here, some receiving “F” scores. Just copy and paste the domain of one of our competitors into securityheaders.com, and see for yourself. It’s worth noting that Amazon.com gets a “B” for its website security.
Our Email Security Measures
Not only do we make sure our website is secure, but we also make sure our emails are secure. We’re one of the only CBD companies that monitors all the mail sent through our domain and rejects any email that doesn’t pass strict authentication protocols. As you can see here, Pure CBD Now is protected against impersonation attacks. This instructs inbox providers to eliminate 100% of spoofing and phishing emails so imposters can’t end up in your inbox or spam folders. It’s scary to know that the vast majority of online CBD retailers do not take these important security measures, making it very easy for any impersonator to start a phishing campaign from email addresses that appear completely legitimate. Many of the largest corporations take these security steps, but we have trouble finding competitors that have taken these steps when comparing our security to theirs.
Technical security details:
- TLS 1.3 encryption certificates sitewide (often referred to as SSL)
- HSTS security policy to upgrade insecure requests to prevent man-in-the-middle attacks
- Multi-factor authentication of everything on our backend and third-party services to prevent unauthorized access if security credentials were to become compromised
- Encrypted credit card information is stored in our payment gateway so nobody, including us, can see your credit card information
- reCAPTCHA technology prevents bots from brute-forcing passwords or creating fake accounts without you having to solve annoying captchas.
- Cross-Site Scripting (XSS) and MIME-sniffing prevention
- Website malware detection and security hardening by Securi
- Proactive detection and blocking of XSS, SQL injection attacks, and other vulnerabilities
- Website headers to protect visitors against clickjacking attacks
- DDoS prevention and mitigation to prevent downtime (we’re proud that we have nearly zero downtime since we started in 2014)
- All sent email is completely authenticated with SPF/DKIM.
- Any email messages that don’t pass authentication are 100% rejected with a DMARC policy. This prevents phishing and spoofing.
- All mail being sent as Pure CBD Now is monitored to ensure email security. Since implementing these security policies, there hasn’t been a single spoofed email that has made it to someone’s inbox or spam folder.
This isn’t an exhaustive list of our security measures, but we hope this makes you feel reassured that we’ve taken the necessary steps to ensure that we are the most secure major CBD retailer on the internet.
If you have any security questions, concerns, or suggestions to improve website security, please contact us to let us know.