#30daysofsecuritytesting – Task XVIII

screen-shot-2017-02-13-at-23-46-14

All previous posts in this series: I, II, IV, V, VII, IX, X, XXX

Task 15: Write and share ideas for security testing via twitter or a blog
Task 18: Learn about Security Headers

Oh, people, this challenge is a real challenge! I usually write one or two blog posts a week, and my wish to document my learnings is giving me difficulties. I had the most beautiful weekend with my family on the hill, and now I am missing several tasks. It is what it is. I move on and tick off two tasks.

So. Security Headers. The first thing I wanted to do was to scan my own website. I thought it would be a short check and then I would move on, but instead this is what happened:

I started with a scan on Security Headers – a free website that analyses headers, built and run by Scott Helme. The scan showed some problems with my headers, and I started to research whether I should panic or not.

With the help of developer tools, I checked the network/headers panel in Safari, Chrome and Firefox. Every browser shows the header information differently. Chrome at first appeared the least valuable, but then I discovered the “Security” and “Audits” tabs, and that changed my top 3.
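As an added example (not code from the post or from the Security Headers site), here is a small Python script that does offline what the scanner and the browser Network tab do by hand: it parses a raw HTTP response, lists which commonly recommended security headers are absent, and flags present ones that are configured weakly (a short HSTS max-age, a wrong X-Content-Type-Options value). The checklist is an assumption built from widely recommended headers, and the two sample responses are constructed, not captured from any real site.

```python
"""Offline audit of an HTTP response's security headers.

Added example; the checklist below is an assumption (the post does not list
which headers the scanner reports on) built from widely recommended headers.
"""
from typing import Dict, List

# Assumed checklist: header name (lower-case) -> what it protects against.
RECOMMENDED_HEADERS: Dict[str, str] = {
    "strict-transport-security": "forces HTTPS on repeat visits (HSTS)",
    "content-security-policy": "restricts where scripts, styles and frames may load from",
    "x-frame-options": "refuses framing by other sites (clickjacking)",
    "x-content-type-options": "disables MIME sniffing when set to nosniff",
    "referrer-policy": "limits what the Referer header leaks to other sites",
    "permissions-policy": "switches off browser features the site does not need",
}

ONE_YEAR = 365 * 24 * 3600  # HSTS max-age commonly recommended as a minimum


def parse_headers(raw_response: str) -> Dict[str, str]:
    """Return the header block of a raw HTTP response as a lower-cased
    name -> value dict. The status line and the body are ignored."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def missing_security_headers(headers: Dict[str, str]) -> List[str]:
    """Names from the checklist that the response does not send at all."""
    return [name for name in RECOMMENDED_HEADERS if name not in headers]


def weak_security_headers(headers: Dict[str, str]) -> List[str]:
    """Headers that are present but configured more weakly than recommended."""
    findings: List[str] = []
    hsts = headers.get("strict-transport-security")
    if hsts is not None:
        max_age = None
        for directive in hsts.split(";"):
            key, _, value = directive.strip().partition("=")
            if key.lower() == "max-age" and value.isdigit():
                max_age = int(value)
        if max_age is None:
            findings.append("strict-transport-security: no max-age directive")
        elif max_age < ONE_YEAR:
            findings.append(
                f"strict-transport-security: max-age={max_age} is below one year"
            )
    nosniff = headers.get("x-content-type-options")
    if nosniff is not None and nosniff.lower() != "nosniff":
        findings.append(f"x-content-type-options: unexpected value {nosniff!r}")
    return findings


def audit(raw_response: str) -> Dict[str, List[str]]:
    """Run both checks and return {'missing': [...], 'weak': [...]}."""
    headers = parse_headers(raw_response)
    return {
        "missing": missing_security_headers(headers),
        "weak": weak_security_headers(headers),
    }


# Constructed sample responses (not captured from any real site).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=86400\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)

AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "Permissions-Policy: camera=(), microphone=()\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)

if __name__ == "__main__":
    for label, response in (("before", BEFORE), ("after", AFTER)):
        result = audit(response)
        print(f"{label}: missing={result['missing']} weak={result['weak']}")
```

Running it prints four missing headers and a too-short HSTS max-age for the "before" response and nothing for the "after" one; a header being present is only half the story, which is why the value checks are separate from the presence check.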

With the help of Chrome I also learned tonight about Wildcard and Multi-Domain (SAN) certificates, and which websites I share mine with. The Chrome audit showed that I have 2237 unused CSS rules. I will need to decide what to do with that…

Altogether this task was very useful. I learned a lot and got a long to-do list of things to improve on my website.

In the end – Automattic has a good sense of humour:
screen-shot-2017-02-14-at-00-48-59

On the other hand – my header has an ad for Automattic, and I am not OK with that.
