Tool to grade the security of your site's HTTP headers

Content Security Policy (CSP) scanner

tangor

10:16 pm on Jan 26, 2016 (gmt 0)




A new coding tool aims to do the same for HTTP response headers as Qualys SSL Labs has done for secure server configurations.

The securityheaders.io site allows users to scan a site and get a grade from A+ to F for its response headers.

The free service is primarily designed to allow sysadmins to test their own sites, much like the service SSL Labs offers for digital certificate setups.

[theregister.co.uk...]

A new tool for the tool box?

bill

4:45 am on Jan 27, 2016 (gmt 0)




Thanks for catching this, tangor! That's a great tool for checking whether your CSP needs adjusting.

Here's a direct link to the tool: [securityheaders.io...]

I see that some people have been working on their CSP in the Apache Forum [webmasterworld.com...], but there isn't much other talk about the use of this valuable security measure, which just about anyone can add to their site to force browsers to load the HTTPS version (without having to rely on 301 redirects) and to specify sources where content can be loaded from (to prevent cross-site scripting).

The author of the securityheaders.io site also has a tool to help you generate your own CSP: [report-uri.io...]
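
The two CSP uses mentioned in the post above (loading the HTTPS version and restricting where content may load from) can be checked offline against a header value. This is an added example, not part of the original thread or of the securityheaders.io tool; the names `parse_csp`, `audit_csp` and `RISKY_SOURCES` and the sample policy are assumptions made for illustration.

```python
# Added example: audit a Content-Security-Policy header value offline.
# Names and the sample policy are constructed for illustration.

RISKY_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "http:", "data:"}


def parse_csp(header_value):
    """Split a CSP header value into {directive: [source, ...]}."""
    # Names are case-insensitive; a repeated directive is ignored (first wins).
    policy = {}
    for chunk in header_value.split(";"):
        tokens = chunk.split()
        if not tokens:
            continue  # empty segment, e.g. a trailing ';'
        name = tokens[0].lower()
        if name not in policy:
            policy[name] = tokens[1:]
    return policy


def audit_csp(header_value):
    """Report HTTPS upgrading and the sources scripts may load from."""
    policy = parse_csp(header_value)
    # script-src falls back to default-src when it is absent.
    script_sources = policy.get("script-src", policy.get("default-src"))
    findings = {
        "upgrades_to_https": "upgrade-insecure-requests" in policy,
        "script_sources": script_sources,
        "risky_script_sources": [],
        "unrestricted_scripts": script_sources is None,
    }
    if script_sources:
        findings["risky_script_sources"] = sorted(
            s for s in script_sources if s.lower() in RISKY_SOURCES
        )
    return findings


# Constructed sample header value.
SAMPLE = (
    "default-src 'self'; "
    "script-src 'self' https://cdn.example.com 'unsafe-inline'; "
    "Upgrade-Insecure-Requests; script-src *"
)

if __name__ == "__main__":
    for key, value in audit_csp(SAMPLE).items():
        print(f"{key}: {value}")
```

The second `script-src *` in the sample is ignored because the first occurrence of a directive wins, so only `'unsafe-inline'` is flagged.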