Web site security audit
Perform a basic security audit of your site now with Blue Refraction. Check key HTTP headers for security-related settings.
- X-XSS-Protection – Current browsers have integrated filters to detect a possible attack. Adding the "X-XSS-Protection" HTTP header with "1; mode=block" as its value (1 to activate the filter, and mode=block to block the entire page if a problem occurs) forces these filters to run.
- X-Content-Type-Options – The only defined value, "nosniff", prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. Set X-Content-Type-Options: nosniff in the header.
- X-Frame-Options – This header provides clickjacking protection. Values: deny – no rendering within a frame, sameorigin – no rendering if origin mismatch, allow-from DOMAIN – allow rendering if framed by a frame loaded from DOMAIN.
- X-Powered-By – The header announces your server type. Remove X-Powered-By from your page headers to mask the type of web server you are using.
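
A minimal version of the check described in this list, as an added example (not Blue Refraction's code): it grades the four headers in a raw HTTP response head against the values recommended above. The sample responses, function names and the ok/weak/missing/exposed labels are constructed for illustration.

```python
from email import message_from_string

# Constructed sample response heads (not captured from any real site).
SAMPLE_WEAK = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
               "x-xss-protection: 1\r\nX-Frame-Options: ALLOWALL\r\n"
               "X-Powered-By: PHP/5.6.40\r\n\r\n")
SAMPLE_HARDENED = ("HTTP/1.1 200 OK\r\nX-XSS-Protection: 1; mode=block\r\n"
                   "X-Content-Type-Options: nosniff\r\n"
                   "X-Frame-Options: SAMEORIGIN\r\n\r\n")

def parse_head(raw):
    """Drop the status line and parse the headers (lookup is case-insensitive)."""
    _status_line, _, header_block = raw.lstrip().partition("\n")
    return message_from_string(header_block.replace("\r\n", "\n"))

def grade(value, is_good):
    """'missing' if the header is absent or empty, otherwise 'ok' or 'weak'."""
    value = (value or "").strip().lower()
    if not value:
        return "missing"
    return "ok" if is_good(value) else "weak"

def xss_ok(value):
    # Needs both parts: "1" to enable the filter and "mode=block".
    parts = [p.strip() for p in value.split(";")]
    return parts[0] == "1" and "mode=block" in parts[1:]

def frame_ok(value):
    # Values from the list above; allow-from is matched by prefix.
    return value in ("deny", "sameorigin") or value.startswith("allow-from")

def audit_headers(raw):
    """Return {header name: finding} for the four headers in the list."""
    h = parse_head(raw)
    powered = h.get("X-Powered-By")
    return {
        "X-XSS-Protection": grade(h.get("X-XSS-Protection"), xss_ok),
        "X-Content-Type-Options": grade(h.get("X-Content-Type-Options"),
                                        lambda v: v == "nosniff"),
        "X-Frame-Options": grade(h.get("X-Frame-Options"), frame_ok),
        # Any X-Powered-By value at all discloses the server stack.
        "X-Powered-By": "ok" if powered is None else "exposed: " + powered.strip(),
    }

if __name__ == "__main__":
    for name, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_headers(sample))
```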