Software Alternatives, Accelerators & Startups
Table of contents
  1. Videos
  2. Social Mentions
  3. Comments

Security Headers

Quickly and easily assess the security of your HTTP response headers.

Security Headers Reviews and details

Screenshots and images

  • Security Headers Landing page
    Landing page //
    2023-08-04

Badges

Promote Security Headers. You can add any of these badges on your website.

SaaSHub badge
Show embed code

Videos

HTTP Security Headers | Part 01

HTTP Security Headers In Action - Sven Morgenroth - PSW #652

Social recommendations and mentions

We have tracked the following product recommendations or mentions on various public social media platforms and blogs. They can help you see what people think about Security Headers and what they use it for.
  • Why is text of sumissions in low-contrast grey on HN?
    There are so many accessibility issues on Hacker News! Ways to avoid the same mistakes? Easy... 1 - Make sure everyone involved from designers to developers to content creators to testers to... Whatever your village has in it... Has knowledge of WCAG. (New standards out a few weeks ago!) WCAG is the de facto law of the land now, and businesses are liable from damages if they don't make efforts to ensure all users... - Source: Hacker News / 9 months ago
  • Show HN: Year old launches SaaS platform today. Seeks feedback
    Few minor accessibility issues. https://wave.webaim.org/report#/https://propbox.co/ Bunch of front-end security issues. Some of these are trivial, but also... Why not just knock them out? https://securityheaders.com/?q=https%3A%2F%2Fpropbox.co%2F&followRedirects=on The Privacy page is a nightmare, as others have pointed out. Why do this? Won't work with screen readers, won't let users copy text... it's bad.... - Source: Hacker News / about 1 year ago
  • Hacker News evading criticism by selectively adding noreferrer to certain links
    FWIW HN sets the Referrer-Policy header [1] to origin [2] but I have no idea how many browsers honor that. [1] - https://scotthelme.co.uk/a-new-security-header-referrer-policy/ [2] - https://securityheaders.com/?q=https%3A%2F%2Fnews.ycombinator.com%2F&hide=on&followRedirects=on. - Source: Hacker News / about 1 year ago
  • Security headers - what they are and how to use them 🔒
    I was recently tasked with improving the security rating on one of our websites. This involved a couple of things but the thing I want to focus on in this post is security headers. We scanned the site here and were initially given a rating of 'E'. Not good. So one of the recommendations was to add security headers which are headers contained in the HTTP response and can provide various different security benefits,... - Source: dev.to / about 1 year ago
  • Google No Longer Automatically Indexes Websites – WTF?
    Google has to know about the site before it can index it. Set up the sitemap, then link the sitemap in from Google's Search Console Tools, and install Google Analytics. This will help Google pick up that your site exists. Make sure your robots.txt file is configured to allow crawlers. Make sure your pages aren't inadvertently NOINDEX'd. SEO isn't as relevant as it used to be, but all this stuff should be part of... - Source: Hacker News / about 1 year ago
  • Deceptive Site Ahead
    Https://securityheaders.com/ reports A+ or A scores for every one of my subdomains. Source: about 1 year ago
  • Is there an ongoing S3 DNS issue?
    OK, I faced a similar issue due to the code of the app not respecting the content policies. I wanted to have an A ranking on https://securityheaders.com/ but gave up and my app was accessible again. Keep us posted. Source: over 1 year ago
  • Team Kennedy needs some HTTPS help?
    As indigodaddy mentioned the cert is only signed for www and not the apex. [1] tests still running for ipv6. Some headers may be missing [2]. [1] - https://www.ssllabs.com/ssltest/analyze.html?d=www.teamkennedy.com&latest [2] - https://securityheaders.com/?q=https%3A%2F%2Fwww.teamkennedy.com%2F&followRedirects=on. - Source: Hacker News / over 1 year ago
  • HTTP Headers
    Score your website headers: https://securityheaders.com. - Source: dev.to / over 1 year ago
  • Planlike.pro – New Estimating Tool
    It's a good project: I'll try it out (we are doing something similar, but it's pretty hard to have a general saas service ... Too often project are too different so you need a lot of customization I think). Bwt * this https://securityheaders.com/?q=https%3A%2F%2Fplanlike.pro&followRedirects=on can be easy to fix (I'll give you the settings for haproxy or apache if you need) *... - Source: Hacker News / over 1 year ago
  • Rebuilt my blog with awesome performances. How do I keep SEO safe?
    You also mentioned keeping your site safe. Make sure http redirects to https. Make sure SSL is working, and then look into HTTP Security Headers https://securityheaders.com/ . You will want to look into Strict-transport-security, x-frame options, x-content-type-options, content-security-policy, referrer policy, and permissions-policy to start. A great option to get started on your site's security in my opinion is... Source: over 1 year ago
  • Anywhere I can advertise a bounty for my site?
    Everything the others have said + also use https://securityheaders.com/ & shodan.io if you haven't already to see if there is anything obvious. Source: over 1 year ago
  • Any tool to check the security of my server?
    I'm guessing you have a reverse proxy like nginx, caddy, traefik, swag etc serving that? Try checking the config with things like securityheaders and SSL Labs, or even use hardenize to get a report on your domain including email etc. Source: over 1 year ago
  • Content-Security-Policy - No valid directives found in policy [securityheaders.com]
    If you click the links provided by securityheaders.com and read it should answer you question: https://scotthelme.co.uk/content-security-policy-an-introduction/. Source: over 1 year ago
  • Content-Security-Policy - No valid directives found in policy [securityheaders.com]
    I entered my site URL into securityheaders.com and it tells me the following:. Source: over 1 year ago
  • WordPress attacks and wordfence
    I skipped using Cloudflare's HSTS as it only provides minimal protection. I instead used custom security headers via .htaccess & functions.php files. I disabled right clicking, F12 & print preview. I changed the admin login URL. Source: over 1 year ago
  • My wordpress page sends a lot of "shady" requests to a site called "brounelink.com". Why? How to debugg where this is coming from?
    Useful tool for testing site headers here: https://securityheaders.com/. Source: over 1 year ago
  • SvelteKit Node App Deploy: Linux Cloud Hosting
    We checked the page works at the end of a previous section. You might also want to check the HTTP security headers. Both SecurityHeaders.com and Mozilla Observatory are good for this. You might not be able to get an A+ on both because SvelteKit does not add style CSP hashes (at the time of writing). Instead we used the style-src: unsafe-inline directive. CSS hashes are important, though; maliciously injected... - Source: dev.to / over 1 year ago
  • Possible weird malware issue or something?
    I have just done a scan of the headers again using securityheaders.com and I get two very different results if I follow the redirect to the HTTPS, vs. Not following the redirect (going to the HTTP. See what I mean here: https://imgur.com/a/SkYGkNZ. Source: almost 2 years ago
  • Working on an extremely old and outdated WordPress/Godaddy site that was also infected with malware. And I need help/advice.
    I have never experienced this with any of my WP-based sites but if I did, I would take it off line, deleted the existing database, create a new one and put up a simple landing page/site, and then rebuild the site from scratch, assuming the site was infected because of older WordPress or plug-in security issues. Along with all the typical security hardening steps, you should also whitelist your (and his?) IP... Source: almost 2 years ago
  • SvelteKit Content Security Policy: CSP for XSS Protection
    This is all good, but when I deployed to Netlify and ran a test using the securityheaders.com site. I was getting nothing back for CSP. For that reason I tried an alternative approach. An alternative to including CSP in meta tags is to use HTTP headers. Both are valid, though the HTTP header is a stronger approach in most cases. Additionally, using HTTP headers you can add reporting, using a service like... - Source: dev.to / almost 2 years ago

Do you know an article comparing Security Headers to other products?
Suggest a link to a post with product alternatives.

Suggest an article

Security Headers discussion

Log in or Post with

This is an informative page about Security Headers. You can review and discuss the product here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouranged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.