Security Overview
Ultra PDF Editor keeps sensitive documents safe by eliminating server-side processing and enforcing modern browser security controls.
Static hosting
Deployed on Cloudflare Pages with zero backend infrastructure. Even if the site is compromised, there is no storage layer for documents.
Content Security Policy
Scripts and workers are restricted to `self` and `blob:` URLs. No third-party scripts are permitted, reducing XSS risk.
HTTPS everywhere
Cloudflare enforces TLS with automatic certificate rotation. HSTS headers will be enabled at GA.
Upcoming hardening
- Subresource Integrity for critical bundles
- Service worker update notifications
- Optional client-side encryption for cached signatures