
Now you can easily see if a site's HTTP headers are insecure, beams dev

Site stress site sighted

A new coding tool aims to do the same for HTTP response headers as Qualys SSL Labs has done for secure server configurations.

The securityheaders.io site allows users to scan a site and get a grade from A+ to F for its response headers.

The free service is primarily designed to allow sysadmins to test their own sites, much like the service SSL Labs offers for digital certificate setups.

Scott Helme, the developer behind the securityheaders.io site, explained that getting HTTP response headers right is not simply an idealistic mission, and said it has important benefits for web security, a mission endorsed by independent security experts.

“The HTTP response headers that the site checks for offer various security benefits,” Helme told El Reg. “OWASP has a good guide on the headers and the security benefits that each of them offer. My site checks for their presence and then grades you appropriately based on whether or not you use them.”
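The presence check Helme describes can be sketched locally. This is an added example, not securityheaders.io's code: the header checklist, the grading scale and the sample responses are assumptions constructed for illustration.

```python
# Added example: grade a raw HTTP response by which security headers are present.
# The checklist and the missing-count-to-grade scale are assumptions,
# not securityheaders.io's actual scoring.
CHECKED_HEADERS = (
    "strict-transport-security",
    "content-security-policy",
    "x-frame-options",
    "x-content-type-options",
    "referrer-policy",
)
GRADES = ["A+", "A", "B", "C", "D", "F"]  # index = number of missing headers

def parse_headers(raw: str) -> dict:
    """Return {lowercased name: [values]} from the header block only."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]  # ignore the body
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        if line[:1] in (" ", "\t"):  # skip folded continuation lines
            continue
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def grade(raw: str):
    """Return (grade, missing headers); an empty value counts as missing."""
    headers = parse_headers(raw)
    missing = [h for h in CHECKED_HEADERS if not any(headers.get(h, []))]
    return GRADES[len(missing)], missing

# Constructed sample responses (not captured from any real site).
SAMPLE_GOOD = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Referrer-Policy: no-referrer\r\n\r\n<html></html>"
)
SAMPLE_WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Server: example\r\n"
    "x-frame-options: DENY\r\n"      # names are matched case-insensitively
    "X-Content-Type-Options:\r\n"    # present but empty, so not counted
    "\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"  # body text, not a header
)

if __name__ == "__main__":
    for label, raw in (("good", SAMPLE_GOOD), ("weak", SAMPLE_WEAK)):
        print(label, *grade(raw))
```

To check a live site you administer, feed the function the header block from a saved response rather than the constructed samples.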

The latest version of the securityheaders.io site was launched at the recent PasswordsCon conference in Cambridge. ®