Security, performance and UX enhancements

We're happy to announce the following improvements:

Security

  • We've enabled DNSSEC on our domain skedda.com, which tightens up our DNS layer and protects against certain types of attacks.

  • We've disabled support for the older TLS protocols TLS 1.0 and TLS 1.1. We now receive a grade of A+ on the industry-standard SSL Labs security test.

  • We've enabled the X-Frame-Options header on our server responses, which helps to prevent certain kinds of attacks ("clickjacking"). We now support all the security headers recommended by the industry-standard security-headers test.

  • We've updated our article on data security to reflect these latest enhancements.

Performance

  • We've enabled HTTP/2 support for all venues. This feature decreases latency and improves page-load speed by using data compression, request-pipelining and multiplexing.

User Experience

  • On the scheduler day view, we're now showing more of the booking title (previously truncated) when there is enough space on the booking block.

Fixes

  • We've fixed a user-reported issue that was causing the incorrect computation of booking prices in some (rare) cases.

Reminder about Data-Processing Agreements for the GDPR

  • About a month ago we announced that we're offering Data-Processing Agreements (DPAs) for venues affected by the GDPR. If your venue falls into this category, please feel free to reach out to the Skedda team via [email protected] to sign a DPA between Skedda and your organization.