Reply To: Do you have a topic you would like to see in a future webinar?

#17289
BG
Participant

Would it be possible to have a webinar about "Security Headers" (and what to do if you find out they are "missing")?

Reason for my request: when checking my own or customers' websites with the Website Vulnerability Scanner, the "Website Security Score" is usually "F" (or at best "D"). The details read, e.g., like this:

The following security headers are missing from the website:

Strict Transport Security (HIGH SEVERITY)
An HSTS policy informing the HTTP client how long to cache the HTTPS-only policy and whether this applies to subdomains.

X Content Type Options (LOW SEVERITY)
The only defined value, "nosniff", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome when downloading extensions.

X Frame Options (MEDIUM SEVERITY)
Clickjacking protection: deny - no rendering within a frame, sameorigin - no rendering if origin mismatch, allow-from - allow from specified location, allowall - non-standard, allow from any location

Content Security Policy (HIGH SEVERITY)
A computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context

X XSS Protection (LOW SEVERITY)
A Cross-site scripting filter

(BTW: even google.com scores only "D" when I checked...)