• Passerby6497@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    6 months ago

    Doing so at the dns layer is a much better option, as it prevents the end user or malware from bypassing those restrictions with a non-standard browser or modifying the client settings (which shouldn’t happen, but can).

    In an enterprise environment, which is exactly what this is aimed at, that kind of protection is a boon against the random shit end users click on.