Technical Glossary
For the technically curious. Our service pages are written in plain English — but if you want to know what's actually going on under the hood, this is where to look.
Web & General
- API Application Programming Interface
- A defined way for two software systems to communicate. When your website submits a form and triggers an email, an API handles the delivery behind the scenes.
- HTTPS HyperText Transfer Protocol Secure
- The secure version of HTTP. All data between your browser and the website is encrypted — shown by the padlock in the address bar.
- SSL / TLS Secure Sockets Layer / Transport Layer Security
- The technology behind HTTPS. SSL is the older term; TLS is its modern successor. Both refer to the certificate that encrypts your website’s traffic.
- CMS Content Management System
- Software that lets you edit your website content without touching code. Examples include Umbraco, WordPress, and custom-built admin panels.
- SEO Search Engine Optimisation
- Improving a website’s visibility in search results through page speed, metadata, structured content, and link quality.
- reCAPTCHA
- Google’s service for detecting automated bots on web forms. Prevents spam submissions without requiring users to solve puzzles.
- Turnstile
- Cloudflare’s privacy-friendly alternative to reCAPTCHA. Verifies visitors are human without tracking them or displaying puzzles — the check happens invisibly in the background. Used on this site’s contact form.
- Webhook
- An HTTP callback that automatically notifies one system when something happens in another — like a payment triggering an order fulfilment workflow.
- Plugin / Extension
- An optional software module that adds functionality to an existing platform without modifying its core code.
- Stripe
- A developer-friendly payment processing platform. Handles card payments, subscriptions, refunds, and webhooks with a clean API and strong documentation.
Security & Email
- SPF Sender Policy Framework
- A DNS record listing servers authorised to send email from your domain. Prevents spoofed emails appearing to come from you.
- DKIM DomainKeys Identified Mail
- A digital signature on outgoing emails that proves they genuinely came from your domain and weren’t tampered with in transit.
- DMARC Domain-based Message Authentication, Reporting and Conformance
- A policy telling receiving servers what to do with emails that fail SPF or DKIM checks — quarantine, reject, or report them.
- HSTS HTTP Strict Transport Security
- A security header that forces browsers to always use HTTPS, even if someone types
http://. - CSP Content Security Policy
- A header controlling which external scripts and resources a browser can load from your pages. Reduces cross-site scripting risk.
- CORS Cross-Origin Resource Sharing
- A browser security mechanism controlling which domains can make API requests to your server. Misconfigured CORS is a common vulnerability.
- Azure Key Vault
- Microsoft Azure’s managed service for storing secrets, API keys, passwords, and certificates — separate from your application code and config files.
- Security Headers
- HTTP response headers instructing browsers on security policy — covering clickjacking, content injection, MIME sniffing, and referrer behaviour. Tools like securityheaders.com grade your current setup.
- DNSSEC Domain Name System Security Extensions
- Cryptographic signatures added to DNS records so that browsers and mail servers can verify your domain hasn’t been redirected to a fake server by an attacker.
- Hardenize
- A free web-based tool that scans a domain and grades it across TLS, security headers, email authentication (SPF/DKIM/DMARC), DNSSEC, and CAA records — colour-coded so you can see exactly what needs attention. See hardenize.com.
Identity & Access
- OAuth Open Authorization
- The standard behind “Sign in with Google” buttons. Delegates authentication to a trusted provider without your app handling passwords directly.
- OIDC OpenID Connect
- A layer on top of OAuth 2.0 that adds identity — so your app knows not just that access was granted, but who the user actually is.
- SSO Single Sign-On
- One login, multiple systems. Users authenticate once and access all connected applications without re-entering credentials.
- MFA Multi-Factor Authentication
- A second proof of identity beyond a password — a code from an app, SMS, or hardware key. Significantly reduces account compromise risk.
- RBAC Role-Based Access Control
- Assigns permissions to roles (Admin, Editor, Viewer) rather than individuals. Makes access management scalable and auditable.
- Azure AD B2C Azure Active Directory Business to Consumer
- Microsoft’s managed identity service for customer-facing apps. Handles registration, login, social sign-in, and MFA without building it from scratch.
- PBKDF2 Password-Based Key Derivation Function 2
- A cryptographic algorithm for hashing and storing passwords securely. Deliberately slow to make brute-force attacks computationally expensive.
- API Key
- A unique identifier used to authenticate requests to an API. Should be treated like a password — stored in a vault, never hard-coded in source.
DevOps & Infrastructure
- CI Continuous Integration
- Automatically building and testing code every time a change is pushed. Catches problems early, before they reach production.
- CD Continuous Deployment / Delivery
- Automatically releasing tested changes to staging or production. Reduces manual steps and deployment risk.
- YAML YAML Ain’t Markup Language
- A human-readable configuration format used in Azure Pipelines and many DevOps tools. More readable than JSON for multi-line config.
- Terraform
- HashiCorp’s open-source tool for defining and provisioning cloud infrastructure in code. Write a config, run a plan, apply — repeatably and safely.
- Azure Pipelines
- Microsoft’s CI/CD service within Azure DevOps. Runs automated build, test, and deployment workflows triggered by code commits or schedules.
- MQTT Message Queuing Telemetry Transport
- A lightweight messaging protocol for IoT systems. Passes sensor data and commands between devices and cloud services over low-bandwidth connections.
- IR35
- UK tax legislation determining whether a contractor should be treated as an employee. “Outside IR35” means a contractor operates as a genuinely independent business.
- MVP Minimum Viable Product
- The smallest version of a product that delivers real value. Used to validate ideas quickly before building the full thing.
- GDPR General Data Protection Regulation
- EU and UK data protection law governing how personal data is collected, stored, and processed. Applies to any organisation handling data from EU/UK individuals.