#30daysofsecuritytesting – Task XVIII
Write and share ideas for security testing via twitter or a blog
Learn about Security Headers
Oh, people, this challenge is a real challenge! I use to write one two blog posts a week, my wish to document my learnings is making me difficulties. I had the most beautiful weekend with my family on the hill and now I am missing several tasks. It is what it is. I move on and tick off two tasks.
So. Security Headers. The first thing I wanted to do was to scan my own website. I thought it will be short check and then I move on, but instead of that I happened this>
I started with scan on security headers – free website, which analyses headers, build and run by Scott Helme. The scan showed some problems with headers and I started to research – should I panic or not.
With help of developer tools, I checked network/headers on Safari, Chrome and FireFox. Every browser shows the header information differently. Chrome at the beginning appeared as the less valuable, but then I discovered tabs “security” and “audits” and it changed my top3.
With help of Chrome I learned tonight about also about Wildcard or Multi-Domain (SAN) Certificates and websites with whom I share it. Chrome audit showed that I have 2237 unused CSS rules. Will need to decide what to do with that…
All together this task was very useful. I learned a lot and got long to do list what to improve to my website.
At the end – Automattic has good humour:
From the other side – my header has ad for Automattic and I am not OK with that.