The web content discusses various security measures implemented in the system, such as Address Space Layout Randomization (ASLR), Position-Independent Executables (PIEs), RELRO, and BIND_NOW. It also includes protection against brute force attacks with Static PIE ASLR and prevention of writable and executable memory mappings. Noteworthy features include LibreSSL as the default cryptography library, SROP mitigation, SafeStack implementation, and Control-Flow Integrity (CFI). The system also boasts of hardening measures in the network stack, executable file integrity enforcement, and boot hardening. Additionally, it includes support for Intel SMAP+SMEP, userland stack initialization, and RTLD hardening by default.
https://hardenedbsd.org/content/easy-feature-comparison