Skip to main content
Orphmedia - Digital Media Agency | Branding | Web Design | SEO | NYC | London | Los Angeles

Best Practices

Last updated: April 7, 2026

Security

We take security seriously and implement industry-standard protections across our platform:

  • HTTPS everywhere: All traffic is served over TLS with HSTS (HTTP Strict Transport Security) enabled, ensuring encrypted connections.
  • Security headers: We set comprehensive security headers including Content-Type-Options, X-Frame-Options, XSS-Protection, and Referrer-Policy to protect against common attack vectors.
  • Input sanitization: All user input — including contact forms and chatbot messages — is validated and sanitized before processing.
  • No mixed content: All resources (scripts, images, fonts, iframes) are loaded exclusively over HTTPS.
  • Third-party security: External links include rel="noopener noreferrer" to prevent tab-napping attacks.

Modern Web Standards

Our site is built on modern, standards-compliant technologies:

  • HTML5 semantic markup: Proper use of landmarks, headings, and semantic elements for structure and accessibility.
  • Responsive design: Mobile-first approach with fluid layouts that work across all viewport sizes.
  • Progressive enhancement: Core content is available without JavaScript; interactive features enhance the experience when available.
  • Modern image formats: AVIF and WebP served with proper fallbacks for broad browser compatibility.

Code Quality

We maintain high code quality standards throughout our development process:

  • TypeScript: Full type safety across the codebase to catch errors at compile time.
  • Component architecture: Modular, reusable components with clear separation of concerns between server and client code.
  • Error boundaries: Graceful error handling prevents individual component failures from affecting the entire application.
  • No deprecated APIs: We use current, supported APIs and libraries, keeping dependencies up to date.

SEO & Discoverability

Our site follows SEO best practices to ensure maximum visibility:

  • Unique meta titles and descriptions on every page
  • Structured data (JSON-LD) for organization and page information
  • XML sitemap automatically generated and updated
  • Canonical URLs to prevent duplicate content issues
  • Open Graph and Twitter Card meta tags for social sharing
  • Clean, semantic URL structure

AI & Chatbot Standards

Our AI-powered chatbot follows responsible AI practices:

  • Transparency: Users are clearly informed they are interacting with an AI assistant.
  • Knowledge-first: Curated knowledge base entries are prioritized over generative AI responses for accuracy.
  • Data handling: Chat conversations are logged for quality improvement but personal data is handled in accordance with our Privacy Policy.
  • Error handling: Graceful fallbacks ensure the chatbot never crashes or produces harmful output.
  • Rate limiting: API calls are managed to prevent abuse and ensure consistent availability.

Third-Party Integrations

We carefully manage third-party services and scripts:

  • Tracking scripts are deferred until after page load to avoid blocking rendering
  • Third-party cookies are clearly documented in our Cookie Policy
  • External service dependencies are minimal and well-documented
  • API tokens and secrets are stored securely in environment variables, never in client-side code

Continuous Improvement

We are committed to continuously improving our practices. Our development workflow includes:

  • Regular Lighthouse audits targeting 90+ scores across all categories
  • Dependency updates and security patch management
  • Accessibility testing with screen readers and keyboard navigation
  • Cross-browser testing across major browsers and devices

Questions

If you have questions about our development practices or notice any issues, please contact us at:

Orphmedia, LLC
150 West 28th Street, Suite 1703
New York, NY 10001
[email protected]