securityheaders.io

You need to add extra security to your website. Yes, you do.

4 years ago

Latest Post Sources by joshua

I'm sure others have seen this site before, but in the event that some have not, I figured I would give it its own shoutout.

securityheaders.io is a creation from Scott Helme that allows you to analyze any website for certain security-related information that is included in the HTTP/S response header. This information can be used to secure your own site, as well as gain information about others that may be in scope for a penetration test.

The tool checks for the following:

I've added most of these to this site, though I still need to fine tune it a bit.

Depending on your server software, you will be editing a different file, but the value will remain the same. If you're running nginx software, you'll need to add these to nginx.conf in /etc/nginx. For apache, you'll add them to httpd.conf in /etc/httpd/httpd.conf. Each value has different options, so you'll need to do some research yourself to determine what is best for your website.

joshua

Published 4 years ago