
This article was published on December 10, 2015

This tool helps you check if you’re using the right security headers in your Website

Story by Owen Williams

Former TNW employee

Owen was a reporter for TNW based in Amsterdam, now a full-time freelance writer and consultant helping technology companies make their words friendlier. In his spare time he codes, writes newsletters and cycles around the city.

Building secure Web apps isn’t exactly easy, but there are a number of small tweaks you can implement using HTTP security headers to help protect yourself against attacks.

With relatively simple configuration changes, modern headers like Content-Security-Policy and X-Frame-Options allow you to protect your site against cross-site scripting attacks or clickjacking.

Unfortunately, most people don’t know about security headers or how easy they are to implement. A new Web app, securityheaders.io, gives you actionable fixes for your Web app by simply typing in a domain name.


What’s most fascinating is the distribution of sites across the test so far. Only 1,407 sites achieved an A+ score, with more than 2,900 getting a fail.

If you get an ‘F’ for your score — which is the lowest rating possible — it might be time to take a look at your security strategy.

With all the recent coverage of massive cybersecurity breaches, sometimes down to incredibly trivial attacks, it’s worth trying this free tool on your own Web app to see how you’re doing and what you can do about the problems.

securityheaders.io