There are a set of nifty HTTP Headers that you can emit from your site on every response which will harden your site against spoofing, XSS and more
Here at mySites.guru, we have just launched 8 new checks in the snapshot that is taken of your sites over twice a day!
The eight headers we now look for on responses from your site are:
- Content Security Policy
- Expect CT
- Feature Policy (We check you DONT have this deprecated header)
- Permissions Policy (We check you DO have this new header!)
- Referrer Policy
- Strict Transport Security
- X-Content-Type-Options
- X-Frame-Options
None of these headers alone will protect your site from compromise – do not be lured into a false sense of security. However it is best practice to LEARN about them, and APPLY them to your site wherever possible to best defend against compromise, clickjacking and XSS.
Not a mySites.guru subscriber?
We know not everyone reading this blog is a subscriber, although we surpassed 64,000 sites connected (and heading for 65000 quickly!) – we hope you will take our service for a test – grab yourself FIRST MONTH FREE while you are there!
If you really don’t want to subscribe, The best place you can get a quick overview of your sites security headers is over at https://securityheaders.com – we heavily promote and link to their site throughout the mySites.guru snapshot checks.
HTTP Response headers are a great thing to have set right, but also be sure that your site follows all kinds of other best practice – mySites.guru has all that best practice wrapped up in one unique service, to manage multiple Joomla sites, or manage multiple WordPress sites all in one place.