A while back I posted an article on how to improve the security of your site by configuring headers in IIS.
I thought I’d follow up on this with a quick post about a fantastic utility online – https://securityheaders.io/.
Plug your website URL into this site, and get a report immediately about how good your site headers are, and what you can do to tighten things up. The report is understandable, and every bit of information – whether that’s missing headers, or headers configured insecurely – will have a link to the site creator’s blog explaining what this means in great detail.
Sadly my blog – which is all managed by WordPress.com – comes out with an E rating. How embarrassing…one day I will find the time to host all this on my own domain.
Final hint – as you might expect, if you put https://securityheaders.io into the site, you’ll see what an A+ report looks like!