Would it be possible to have a webinar about "Security Headers" (and what to do if you find out they are "missing")?
Reason for my request: when checking my own or customers' websites with the Website Vulnerability Scanner, the "Website Security Score" is usually "F" (or at best "D"). The details read, for example, like this:
The following security headers are missing from the website:
Strict Transport Security (HIGH SEVERITY)
A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.
X Content Type Options (LOW SEVERITY)
The only defined value, "nosniff", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions
X Frame Options (MEDIUM SEVERITY)
Clickjacking protection: deny - no rendering within a frame, sameorigin - no rendering if origin mismatch, allow-from - allow from specified location, allowall - non-standard, allow from any location
Content Security Policy (HIGH SEVERITY)
A computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context
X XSS Protection (LOW SEVERITY)
A Cross-site scripting filter
(BTW: even google.com scores only "D" when I checked...)
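As an added illustration (not part of the post above, the scanner it quotes, or any webinar material), the following Python script shows how a check like the one in the scanner output can be reproduced locally: it parses a raw HTTP response head, looks for the five headers the post lists, and reports each one that is missing or carries a weak value, using the severities from the quoted output. The header names and severities come from the post; the value checks (a one-year HSTS floor, DENY/SAMEORIGIN only for X-Frame-Options, no unsafe-inline/unsafe-eval in CSP) and both sample responses are this example's own assumptions, constructed so the script runs offline.

```python
"""Audit the security headers of an HTTP response.

Added example, not the post's or the scanner's code. Header names and
severities follow the scanner output quoted in the post; the value
checks and the sample responses are assumptions made for illustration.
"""
from __future__ import annotations

import re

# Severity per header, as listed in the quoted scanner output.
SEVERITY = {
    "strict-transport-security": "HIGH",
    "content-security-policy": "HIGH",
    "x-frame-options": "MEDIUM",
    "x-content-type-options": "LOW",
    "x-xss-protection": "LOW",
}

# Constructed sample: a response with no security headers at all.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Server: example\r\n"
    "\r\n"
    "<html>...</html>"
)

# Constructed sample: the same response after the headers were added.
# 'X-XSS-Protection: 0' disables the legacy browser filter; the scanner
# output only reports the header as missing, so presence is what we test.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'self'\r\n"
    "X-XSS-Protection: 0\r\n"
    "\r\n"
)


def parse_headers(raw: str) -> dict[str, str]:
    """Parse a raw response head (status line + header lines) into a dict
    keyed by lower-cased header name; repeated headers are joined with ', '."""
    headers: dict[str, str] = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        key, value = name.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers


def check_value(name: str, value: str) -> str | None:
    """Return a problem description for a present-but-weak header, else None."""
    v = value.strip().lower()
    if name == "strict-transport-security":
        m = re.search(r"max-age=(\d+)", v)
        if not m:
            return "missing max-age directive"
        if int(m.group(1)) < 31536000:  # assumption: one year is the floor
            return "max-age shorter than one year"
    elif name == "x-content-type-options" and v != "nosniff":
        return "value must be 'nosniff'"
    elif name == "x-frame-options" and v not in ("deny", "sameorigin"):
        return "use DENY or SAMEORIGIN (allow-from/allowall are non-standard)"
    elif name == "content-security-policy" and (
        "'unsafe-inline'" in v or "'unsafe-eval'" in v
    ):
        return "policy permits unsafe-inline/unsafe-eval"
    return None


def audit_security_headers(headers: dict[str, str]) -> list[dict[str, str]]:
    """One finding per missing or weak header, highest severity first."""
    rank = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    findings = []
    for name, severity in SEVERITY.items():
        problem = "missing" if name not in headers else check_value(name, headers[name])
        if problem:
            findings.append({"header": name, "severity": severity, "problem": problem})
    findings.sort(key=lambda f: rank[f["severity"]])  # stable: keeps list order within a level
    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"== {label} ==")
        for f in audit_security_headers(parse_headers(raw)) or [{"header": "-", "severity": "-", "problem": "no findings"}]:
            print(f"{f['severity']:<6} {f['header']:<28} {f['problem']}")
```

To run it against a live site you would feed `parse_headers` the response head captured by any HTTP client; the hardened sample doubles as a checklist of the header values that make the scanner's five findings disappear, which is the "what to do if they are missing" half of the question.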