Ari Nakos
@ari
Stripe $330/mo
9 hours ago

Why Security Headers are important and 85% of WordPress Sites fail them

Every website is an HTML page, which consists of 2 parts.


The Body, which is what we see on this webpage, and the Header, which is what makes the page secure, discoverable, and interactive.


When it comes to the security of our webpage, there are of course a LOT of variables to consider that extend beyond the Header section of an HTML page. However, that's out of scope for this post.


What prompted me to look into this was an article that showed how so many WordPress sites (which still dominate the web) are insecure.


Today, I want to focus on a few simple tools you can use to resolve this yourself, whether or not you use WordPress.


  1. SecurityHeaders.com - A free tool by Snyk, which you can use to scan sites for yourself or your clients
  2. An n8n automation that saves the scan results to Google Sheets and provides actionable recommendations, which you can either handle yourself or hand to a code editor such as Claude Code, Cursor, etc.


If the WHY is not clear, just consider these 2 edge cases.


  • A failed Content Security Policy can result in someone stealing your cookies or even injecting an unsafe form that could result in your PII and credit card info being leaked.
  • A failed Permissions Policy could result in your Mic/Camera being accessible to malicious actors.
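
A small audit of one response's headers for the two cases above, added here as an example and not part of the original post or of SecurityHeaders.com. The expected header set, the rules, and the sample `WEAK` and `HARDENED` responses are assumptions constructed for illustration; flagging every `'unsafe-inline'` is deliberately conservative.

```python
# Added example (assumed rules, not securityheaders.com's grading logic).
EXPECTED = ("content-security-policy", "permissions-policy",
            "strict-transport-security", "x-content-type-options",
            "x-frame-options", "referrer-policy")

def parse_csp(value):
    """Split a CSP into {directive: [sources]}; first occurrence wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy

def parse_permissions(value):
    """Split a Permissions-Policy into {feature: allowlist}."""
    features = {}
    for part in value.split(","):
        name, sep, allow = part.strip().partition("=")
        if sep:
            features[name.strip().lower()] = allow.strip()
    return features

def audit_headers(headers):
    """Return a list of findings for one response's headers."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = [f"missing: {name}" for name in EXPECTED if name not in h]
    if "content-security-policy" in h:
        csp = parse_csp(h["content-security-policy"])
        # script-src falls back to default-src; form-action has no fallback.
        scripts = csp.get("script-src", csp.get("default-src"))
        if scripts is None or "*" in scripts or "'unsafe-inline'" in scripts:
            findings.append("csp: scripts not restricted")
        if "form-action" not in csp:
            findings.append("csp: form-action not set")
    if "permissions-policy" in h:
        perms = parse_permissions(h["permissions-policy"])
        for feature in ("camera", "microphone"):
            if perms.get(feature) != "()":
                findings.append(f"permissions: {feature} not disabled")
    return findings

# Constructed sample responses (not real scan output).
WEAK = {"Content-Security-Policy": "default-src 'self' 'unsafe-inline'",
        "Permissions-Policy": "geolocation=()"}
HARDENED = {"Content-Security-Policy": "default-src 'self'; form-action 'self'",
            "Permissions-Policy": "camera=(), microphone=()",
            "Strict-Transport-Security": "max-age=31536000",
            "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY",
            "Referrer-Policy": "no-referrer"}
```

Calling `audit_headers(WEAK)` lists the missing headers plus the script, form and camera/microphone gaps, while `audit_headers(HARDENED)` returns an empty list.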


Long story short, take Security seriously.
