diff --git a/.gitignore b/.gitignore
index 2b4bcaa..19b6fc5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,4 @@ vendor
 settings.php
 nbproject/private
 *.sync-conflict*
-database.mwb.bak
\ No newline at end of file
+database.mwb.bak
diff --git a/README.md b/README.md
index e3e0b6c..021bd23 100644
--- a/README.md
+++ b/README.md
@@ -16,4 +16,4 @@ Installing
 4. Set the location of the AccountHub API in `settings.php` (see "PORTAL_API") and enter an API key ("PORTAL_KEY")
 5. Set the location of the AccountHub home page ("PORTAL_URL")
 6. Set the URL of this app ("URL")
-7. Run `composer install` (or `composer.phar install`) to install dependency libraries.
\ No newline at end of file
+7. Run `composer install` (or `composer.phar install`) to install dependency libraries.
diff --git a/action.php b/action.php
index 2dee2a3..f2f42ef 100644
--- a/action.php
+++ b/action.php
@@ -256,4 +256,4 @@ switch ($VARS['action']) {
 die("Logged out.");
 default:
 die("Invalid action");
-}
\ No newline at end of file
+}
diff --git a/api.php b/api.php
index 99ee33b..977abbe 100644
--- a/api.php
+++ b/api.php
@@ -38,4 +38,4 @@ switch ($VARS['action']) {
 default:
 header("HTTP/1.1 400 Bad Request");
 die("\"400 Bad Request\"");
-}
\ No newline at end of file
+}
diff --git a/app.php b/app.php
index 58fbfc5..64e2754 100644
--- a/app.php
+++ b/app.php
@@ -18,6 +18,12 @@ if (!is_empty($_GET['page'])) {
 $pageid = "404";
 }
 }
+
+header("Link: ; rel=preload; as=style", false);
+header("Link: ; rel=preload; as=style", false);
+header("Link: ; rel=preload; as=style", false);
+header("Link: ; rel=preload; as=script", false);
+header("Link: ; rel=preload; as=script", false);
 ?>
@@ -43,6 +49,7 @@ if (!is_empty($_GET['page'])) {
 if (isset(PAGES[$pageid]['styles'])) {
 foreach (PAGES[$pageid]['styles'] as $style) {
 echo "\n";
+ header("Link: <$style>; rel=preload; as=style", false);
 }
 }
 ?>
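Review bot: The five hard-coded `Link: <…>; rel=preload` headers added to app.php are repeated verbatim in the index.php hunk (`@@ -72,6 +72,11 @@`), and the per-resource form is spelled out again in the second app.php hunk and in the scripts hunk (`@@ -169,8 +176,9 @@`); a single helper in required.php, `function preloadHeader($url, $as) { header("Link: <$url>; rel=preload; as=$as", false); }`, would keep the two lists from drifting. The URLs inside the angle brackets are not visible in this rendering, so I could not check that they match the `<link>` and `<script>` tags echoed below them. `$style` and `$script` are interpolated into a response header; they come from the `PAGES` constant rather than the request, which is fine, but a short comment such as `// $style comes from the PAGES constant, never from request input` would save the next reader from having to verify that.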
@@ -169,8 +176,9 @@ END;
 if (isset(PAGES[$pageid]['scripts'])) {
 foreach (PAGES[$pageid]['scripts'] as $script) {
 echo "\n";
+ header("Link: <$script>; rel=preload; as=script", false);
 }
 }
 ?>
-
\ No newline at end of file
+
diff --git a/index.php b/index.php
index 6a8c7e2..419aa46 100644
--- a/index.php
+++ b/index.php
@@ -72,6 +72,11 @@ if (checkLoginServer()) {
 } else {
 $alert = lang("login server unavailable", false);
 }
+header("Link: ; rel=preload; as=style", false);
+header("Link: ; rel=preload; as=style", false);
+header("Link: ; rel=preload; as=style", false);
+header("Link: ; rel=preload; as=script", false);
+header("Link: ; rel=preload; as=script", false);
 ?>
@@ -147,4 +152,4 @@ if (checkLoginServer()) {
-
\ No newline at end of file
+
diff --git a/lang/en_us.php b/lang/en_us.php
index 63c482f..3ed32f1 100644
--- a/lang/en_us.php
+++ b/lang/en_us.php
@@ -136,4 +136,4 @@ define("STRINGS", [
 "group assignments" => "Group Assignments",
 "group id" => "Group ID",
 "group name" => "Group Name"
-]);
\ No newline at end of file
+]);
diff --git a/lib/iputils.php b/lib/iputils.php
index 2d03e9a..f46c89f 100644
--- a/lib/iputils.php
+++ b/lib/iputils.php
@@ -25,7 +25,7 @@ function ip4_in_cidr($ip, $cidr) {
  * @param string $ip IP to check in IPV6 format
  * @param string $cidr CIDR netmask
  * @return boolean true if the IP is in this range, false otherwise.
- * @author MW.
+ * @author MW.
  */
 function ip6_in_cidr($ip, $cidr) {
 $address = inet_pton($ip);
diff --git a/lib/login.php b/lib/login.php
index 13d5671..aa337d3 100644
--- a/lib/login.php
+++ b/lib/login.php
@@ -40,6 +40,33 @@ function checkLoginServer() {
 }
 }
+/**
+ * Checks if the given AccountHub API key is valid by attempting to
+ * access the API with it.
+ * @param String $key The API key to check
+ * @return boolean TRUE if the key is valid, FALSE if invalid or something went wrong
+ */
+function checkAPIKey($key) {
+ try {
+ $client = new GuzzleHttp\Client();
+
+ $response = $client
+ ->request('POST', PORTAL_API, [
+ 'form_params' => [
+ 'key' => $key,
+ 'action' => "ping"
+ ]
+ ]);
+
+ if ($response->getStatusCode() === 200) {
+ return true;
+ }
+ return false;
+ } catch (Exception $e) {
+ return false;
+ }
+}
+
 ////////////////////////////////////////////////////////////////////////////////
 // Account handling //
 ////////////////////////////////////////////////////////////////////////////////
diff --git a/lib/userinfo.php b/lib/userinfo.php
index 8d63990..65f6b38 100644
--- a/lib/userinfo.php
+++ b/lib/userinfo.php
@@ -124,4 +124,4 @@ function getManagedUIDs($manageruid) {
 } else {
 return [];
 }
-}
\ No newline at end of file
+}
diff --git a/mobile/index.php b/mobile/index.php
index cce552d..ab68ef8 100644
--- a/mobile/index.php
+++ b/mobile/index.php
@@ -9,6 +9,10 @@
  * Mobile app API
  */
+// The name of the permission needed to log in.
+// Set to null if you don't need it.
+$access_permission = "ADMIN";
+
 require __DIR__ . "/../required.php";
 require __DIR__ . "/../lib/login.php";
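Review bot: `checkAPIKey` builds its Guzzle client without a timeout, so an unreachable or hung AccountHub holds the calling request open until PHP's own execution limit rather than reaching the "something went wrong" path the docblock promises; pass `new GuzzleHttp\Client(['timeout' => 5, 'connect_timeout' => 5])` (values to taste). The `catch (Exception $e)` branch also discards the reason, which makes an outage indistinguishable from a bad key to whoever is debugging a failed setup — an `error_log($e->getMessage());` before `return false;` keeps the boolean contract and preserves the diagnosis. The `if`/`return true`/`return false` tail collapses to `return $response->getStatusCode() === 200;`. Since the key travels in the POST body, PORTAL_API should be an https URL and Guzzle's default certificate verification left on; a comment to that effect next to the request would be worth adding.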
@@ -93,9 +97,9 @@ switch ($VARS['action']) {
 if (user_exists($VARS['username'])) {
 if (get_account_status($VARS['username']) == "NORMAL") {
 if (authenticate_user($VARS['username'], $VARS['password'], $autherror)) {
- if (account_has_permission($VARS['username'], "ADMIN")) {
+ if (is_null($access_permission) || account_has_permission($VARS['username'], $access_permission)) {
 doLoginUser($VARS['username'], $VARS['password']);
- $_SESSION['mobile'] = TRUE;
+ $_SESSION['mobile'] = true;
 exit(json_encode(["status" => "OK"]));
 } else {
 exit(json_encode(["status" => "ERROR", "msg" => lang("no admin permission", false)]));
@@ -107,4 +111,4 @@ switch ($VARS['action']) {
 default:
 http_response_code(404);
 die(json_encode(["status" => "ERROR", "msg" => "The requested action is not available."]));
-}
\ No newline at end of file
+}
diff --git a/pages/404.php b/pages/404.php
index 7ccd27f..fb6d8ed 100644
--- a/pages/404.php
+++ b/pages/404.php
@@ -2,4 +2,4 @@
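Review bot: Setting `$access_permission` to null now skips the permission gate entirely, so any account in NORMAL status can log into the mobile API; that may be intended, but the `else` branch still answers with `lang("no admin permission", false)`, which is misleading as soon as a permission other than ADMIN is configured. Consider a generic message key, or interpolating the configured permission name into the message. The setting itself is declared in mobile/index.php (first hunk of this file) rather than in settings.php, so a redeploy overwrites the operator's choice; a `define()` in settings.template.php next to the other options would follow the existing pattern, and a comment there should spell out that null disables the check rather than tightening it. The enclosing `switch ($VARS['action'])` and the `if` ladder begin outside the hunk.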

-
\ No newline at end of file
+
diff --git a/pages/home.php b/pages/home.php
index f1f8b5b..c05c33b 100644
--- a/pages/home.php
+++ b/pages/home.php
@@ -35,4 +35,4 @@ redirectifnotloggedin();
-
\ No newline at end of file
+
diff --git a/required.php b/required.php
index 320f723..7fb0673 100644
--- a/required.php
+++ b/required.php
@@ -12,10 +12,12 @@ ob_start(); // allow sending headers after content
 // Unicode, solves almost all stupid encoding problems
 header('Content-Type: text/html; charset=utf-8');
-// l33t $ecurity h4x
+// Strip PHP version
+header('X-Powered-By: PHP');
+
+// Security
 header('X-Content-Type-Options: nosniff');
 header('X-XSS-Protection: 1; mode=block');
-header('X-Powered-By: PHP'); // no versions makes it harder to find vulns
 header('X-Frame-Options: "DENY"');
 header('Referrer-Policy: "no-referrer, strict-origin-when-cross-origin"');
 $SECURE_NONCE = base64_encode(random_bytes(8));
@@ -81,7 +83,7 @@ function sendError($error) { . "
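Review bot: The `X-Frame-Options` and `Referrer-Policy` values now grouped under the new `// Security` comment are wrapped in double quotes, and browsers compare the directive text literally, so `"DENY"` is not a recognised directive and the framing protection is silently dropped; the quoted `Referrer-Policy` list is ignored the same way. Change them to `header('X-Frame-Options: DENY');` and `header('Referrer-Policy: no-referrer, strict-origin-when-cross-origin');`. `X-XSS-Protection: 1; mode=block` is legacy behaviour that current guidance recommends disabling (`0`) in favour of the CSP that `$SECURE_NONCE` suggests is emitted further down, outside this hunk. Checking the response in a browser's devtools after the change will confirm the headers are accepted.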

A fatal application error has occurred.

" . "(This isn't your fault.)" . "

Details:

" - . "

". htmlspecialchars($error) . "

"); + . "

" . htmlspecialchars($error) . "

"); } date_default_timezone_set(TIMEZONE); diff --git a/settings.template.php b/settings.template.php index 53fe46e..c6bbead 100644 --- a/settings.template.php +++ b/settings.template.php @@ -63,4 +63,4 @@ define('LANGUAGE', "en_us"); define("FOOTER_TEXT", ""); -define("COPYRIGHT_NAME", "Netsyms Technologies"); \ No newline at end of file +define("COPYRIGHT_NAME", "Netsyms Technologies"); diff --git a/static/css/app.css b/static/css/app.css index 4419fc1..651e07c 100644 --- a/static/css/app.css +++ b/static/css/app.css @@ -65,4 +65,4 @@ body { .mobile-app-display { display: none; -} \ No newline at end of file +} diff --git a/static/js/app.js b/static/js/app.js index 2fe1a03..602807d 100644 --- a/static/js/app.js +++ b/static/js/app.js @@ -23,4 +23,4 @@ try { window.history.replaceState("", "", getniceurl()); } catch (ex) { -} \ No newline at end of file +}