Website Security

Unfortunately, security is an often neglected issue for many website operators. You should deal with this topic if you don't want to become a victim of a hacker attack. With the help of HTTP security headers, the security of websites can be significantly improved.

1. X-Frame-Options (XFO)

This header prevents the page from being loaded into a frame on another page. It is very helpful against content theft, abuse, etc.

2. X-XSS-Protection

This HTTP header prevents the well-known "Cross Site Scripting", the dreaded loading of third-party scripts into the website. Such an attack allows malicious JavaScript to run in the browser without the user even realizing it.

3. X-Content-Type-Options

The browser is usually told which file format it is loading in each case, e.g. HTML or JPG. If this is not specified, the browser guesses. An attacker can take advantage of this and smuggle in other formats that can cause damage.

4. HTTP Strict-Transport-Security (HSTS)

This HTTP header informs the browser that the page can only be accessed via HTTPS. The prerequisite for this is of course that the site has an SSL certificate.

5. Referrer-Policy

This HTTP header is interesting in terms of data protection and controls whether the referrer value may be transferred for outgoing links.

6. Feature-Policy

With this HTTP header the data security of the visitor is increased. Access to the microphone, camera, location, etc. can be prevented.
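An added example, not part of the original page: a small Python audit of the six headers above, run over two constructed header sets. The pass rules (for instance the 180-day HSTS floor) and the names `audit`, `HARDENED` and `WEAK` are assumptions made for illustration.

```python
import re

def _hsts(v):
    m = re.search(r"max-age\s*=\s*(\d+)", v, re.I)
    return bool(m) and int(m.group(1)) >= 15552000  # assumed floor: 180 days

def _referrer(v):
    # A comma-separated fallback list is allowed; this check reads the last entry.
    last = v.split(",")[-1].strip().lower()
    return last in {"no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin"}

def _features(v):
    # Each sensitive feature must be named and not opened to every origin ("*").
    parts = [p.strip().lower() for p in re.split(r"[;,]", v)]
    return all(any(p.startswith(f) and "*" not in p for p in parts)
               for f in ("camera", "microphone", "geolocation"))

# Header name -> predicate on its value. The pass rules are assumptions.
CHECKS = {
    "X-Frame-Options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    # Legacy header: "0" and "1; mode=block" pass, a bare "1" is reported weak.
    "X-XSS-Protection": lambda v: re.sub(r"\s", "", v.lower()) in ("0", "1;mode=block"),
    "X-Content-Type-Options": lambda v: v.strip().lower() == "nosniff",
    "Strict-Transport-Security": _hsts,
    "Referrer-Policy": _referrer,
    "Feature-Policy": _features,
}
# Feature-Policy has since been renamed Permissions-Policy; either name counts.
ALIASES = {"Feature-Policy": "Permissions-Policy"}

def audit(headers):
    """Return {header: 'ok' | 'weak' | 'missing'} for one response's headers."""
    seen = {k.lower(): v for k, v in headers.items()}
    report = {}
    for label, ok in CHECKS.items():
        value = seen.get(label.lower(), seen.get(ALIASES.get(label, "").lower()))
        report[label] = "missing" if value is None else "ok" if ok(value) else "weak"
    return report

# Constructed sample header sets, not captured from a real site.
HARDENED = {"X-Frame-Options": "DENY", "X-XSS-Protection": "0",
            "X-Content-Type-Options": "nosniff", "Referrer-Policy": "same-origin",
            "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
            "Permissions-Policy": "camera=(), microphone=(), geolocation=()"}
WEAK = {"X-Frame-Options": "ALLOWALL", "Strict-Transport-Security": "max-age=0",
        "Referrer-Policy": "unsafe-url", "Feature-Policy": "camera *; microphone 'none'"}

if __name__ == "__main__":
    print(audit(HARDENED), audit(WEAK), sep="\n")
```

A header that is present but set to a permissive value is reported as "weak" rather than "ok", which a presence-only check would miss.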
