Total 22 Posts

Hardening your HTTP response headers

Following the recent announcement of my new service, https://securityheaders.io, I thought I'd cover some more of the security based HTTP response headers out there and look at how to harden your existing HTTP response headers. Introduction HTTP Response headers are name-value pairs of strings sent back from a…

Continue Reading

HSTS Preloading

HSTS is the great little response header that tells a browser to always use SSL/TLS to communicate with your site. It doesn't matter if the user, or a link they are clicking, specifies HTTP, HSTS will remove the ability for a compatible browser to use HTTP and will enforce…

Continue Reading

Setting up HSTS in nginx

The HTTP Strict Transport Security (HSTS) header allows a host to enforce the use of HTTPS on the client side. By informing the browser to only use HTTPS, even if the user specifies HTTP as the protocol, the browser will enforce the use of HTTPS. This protects the user from…

Continue Reading

Issuing HSTS policy in PHP

HSTS is a great way of protecting visitors to your website by ensuring their browser only uses a secure connection to communicate. If you use shared hosting and don't have access to change the header configuration, or you simply want to test HSTS without enabling it site wide, you can…

Continue Reading