HTTP Security Headers


That's from Gulshan sir's website.


This is my website
Can someone help me understand what it is?
@GulshanKumar

These are response headers used by the browser to secure a site. The Mozilla Dev page has clear info about these.

In short,

X-FRAME-OPTIONS

Used to restrict iframing.

X-FRAME-OPTIONS: SAMEORIGIN

With the SAMEORIGIN value, example.com can be embedded inside example.com and not at any other hostname.

Strict Transport Security (HSTS)

Used to enforce always HTTPS policy at browser level.

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

These are recommended. Not necessarily required.
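To make the two headers above concrete, here is an added example (not from this thread or from either poster) that parses a raw HTTP response, pulls out X-Frame-Options and Strict-Transport-Security, and reports the weaknesses a reviewer would look for: a missing or obsolete X-Frame-Options value, an HSTS max-age that is missing, zero or shorter than a year, a missing includeSubDomains, or a preload flag whose requirements are not met. The sample response is constructed to match the header values quoted in the answer; the one-year threshold is the minimum the HSTS preload list requires.

```python
"""Audit X-Frame-Options and HSTS in a raw HTTP response (added example)."""

# Constructed sample response, modelled on the headers quoted in the thread.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Strict-Transport-Security: max-age=63072000; includeSubDomains; preload\r\n"
    "\r\n"
    "<html>...</html>"
)

ONE_YEAR = 31536000  # seconds; the preload list requires at least this max-age


def parse_headers(raw: str) -> dict[str, str]:
    """Split the head of a raw HTTP response into a lower-cased header dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def parse_hsts(value: str) -> dict[str, object]:
    """Parse the directive list of a Strict-Transport-Security value."""
    policy: dict[str, object] = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                policy["max_age"] = int(arg.strip().strip('"'))
            except ValueError:
                pass  # non-numeric max-age leaves it None, reported below
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def audit(headers: dict[str, str]) -> list[str]:
    """Return a list of findings; an empty list means both headers look sound."""
    findings: list[str] = []

    xfo = headers.get("x-frame-options")
    if xfo is None:
        findings.append("X-Frame-Options missing: any site can frame the page (clickjacking risk)")
    elif xfo.upper() not in ("DENY", "SAMEORIGIN"):
        # ALLOW-FROM is obsolete; unrecognised values are ignored, so no protection
        findings.append(f"X-Frame-Options value {xfo!r} is not DENY or SAMEORIGIN; browsers ignore it")

    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("Strict-Transport-Security missing: browser will not enforce HTTPS")
        return findings

    policy = parse_hsts(hsts)
    max_age = policy["max_age"]
    if max_age is None:
        findings.append("HSTS max-age missing or not a number: header is invalid")
    elif max_age == 0:
        findings.append("HSTS max-age=0 clears the policy instead of enforcing it")
    elif max_age < ONE_YEAR:
        findings.append(f"HSTS max-age {max_age} is below one year")
    if not policy["include_subdomains"]:
        findings.append("HSTS lacks includeSubDomains: subdomains stay reachable over plain HTTP")
    if policy["preload"] and not (policy["include_subdomains"] and (max_age or 0) >= ONE_YEAR):
        findings.append("HSTS preload set but preload requirements (one year + includeSubDomains) not met")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_headers(SAMPLE_RESPONSE)) or ["no findings"]:
        print(finding)
```

Feed it the raw bytes of a response captured from your own site (for example the output of a curl -i run) to see which of the recommended settings are in place before asking your host to change the .htaccess rules.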

So does that impact my site security by any means. Also is there a simple fix to it?

It is just a fence guard at the browser level. Nothing much. Your host can help by adding the necessary rules via the .htaccess file.


Okay!
Thanks for the help sir!

You’re welcome!

I’d like to add here an interesting thing…

As I said about iframe restricting, this is just one of many ways. If someone wants to clone a site they can still find many ways, for example with a tool like https://appi.sh/ :see_no_evil:

So I’d not suggest completely relying on the browser level. There are better ways to secure a site, such as using a Web Firewall server policy.

Do you mean something like Wordfence can help?

I do not like an Application Level Firewall because it can cause performance issues at the hosting server.

I’d recommend Sucuri, which mitigates DDoS kinds of attack at the DNS level. It can cache web pages at the edge, making them faster.
