Building secure Web apps isn’t exactly easy, but there are a number of small tweaks you can implement using HTTP security headers to help protect yourself against attacks.
With relatively simple configuration changes, modern headers like Content-Security-Policy and X-Frame-Options allow you to protect your site against cross-site scripting attacks or clickjacking.
Unfortunately, most people don’t know about security headers or how easy they are to implement. A new Web app, securityheaders.io, gives you actionable fixes for your Web app when you simply type in a domain name.
What’s most fascinating is the distribution of sites across the test so far. Only 1,407 sites achieved an A+ score, with more than 2,900 getting a fail.
If you get an ‘F’ for your score — which is the lowest rating possible — it might be time to take a look at your security strategy.
With all the recent coverage of massive cybersecurity breaches, sometimes down to incredibly trivial attacks, it’s worth trying this free tool on your own Web app to see how you’re doing and what you can do about the problems.
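To see what a check for the two headers named above involves, here is an added example (not code from securityheaders.io, and not its grading logic) that audits a raw response header block. The rules, function names and sample responses are assumptions constructed for illustration.

```python
# Added example: audit response headers for the two headers the article names.
# The rules are illustrative assumptions, not securityheaders.io's scoring.

def parse_headers(raw):
    """Parse a raw HTTP header block into {lower-cased name: value}."""
    headers = {}
    for line in raw.strip().splitlines():
        if ":" not in line:
            continue  # status line or malformed line
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers

def parse_csp(value):
    """Split a CSP value into {directive: [sources]}; first occurrence wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.lower().split()
        if tokens and tokens[0] not in policy:
            policy[tokens[0]] = tokens[1:]
    return policy

def audit(raw):
    """Return a list of findings for a raw header block (empty list = none)."""
    headers = parse_headers(raw)
    csp = parse_csp(headers.get("content-security-policy", ""))
    findings = []
    if not csp:
        findings.append("missing Content-Security-Policy")
    else:
        # script-src falls back to default-src when absent
        script_src = csp.get("script-src", csp.get("default-src"))
        if script_src is None:
            findings.append("CSP does not restrict scripts")
        elif "'unsafe-inline'" in script_src:
            # simplified: ignores nonce/hash sources that override this keyword
            findings.append("CSP allows 'unsafe-inline' scripts")
    # frame-ancestors does not fall back to default-src, so check it explicitly;
    # simplified: any frame-ancestors directive is treated as a restriction
    xfo = headers.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("no framing restriction")
    return findings

# Constructed sample responses
WEAK = "HTTP/1.1 200 OK\nContent-Security-Policy: default-src 'self' 'unsafe-inline'\n"
HARDENED = ("HTTP/1.1 200 OK\nX-Frame-Options: DENY\n"
            "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\n")

if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(raw))
```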