Lack of HTTP Response Headers

24 May

CyberMatters does not produce HTTP security response headers!

According to Wikipedia:

HTTP header fields are components of the header section of request and response messages in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

In a security context, there is a set of response headers that inform a web client (browser) about the security of the connection and content.
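As an added illustration (not part of the original post, and not the code behind any scanning service), the following Python sketch audits a raw HTTP response for security headers and flags ones that are missing or set to a weak value. The header list, the 180-day HSTS floor and the sample responses are assumptions constructed for the example.

```python
import re

# Constructed sample: a response with no security headers at all.
SAMPLE_BARE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n\r\n"
)
# Constructed sample: headers are present, but two carry weak values.
SAMPLE_WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "X-Content-Type-Options: nosniff\r\n\r\n"
)

MIN_HSTS_SECONDS = 15552000  # assumed floor (180 days), not a value from the post

def _hsts_ok(value):
    # HSTS only helps if the browser remembers the policy for a meaningful time.
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return bool(m) and int(m.group(1)) >= MIN_HSTS_SECONDS

# Header name -> validator for its value (the choice of headers is an assumption).
CHECKS = {
    "Strict-Transport-Security": _hsts_ok,
    "Content-Security-Policy": lambda v: bool(v.strip()),
    "X-Frame-Options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "X-Content-Type-Options": lambda v: v.strip().lower() == "nosniff",
}

def audit(raw_response):
    """Return {header: 'ok' | 'weak' | 'missing'} for a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive, so index them lowercased
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    report = {}
    for name, valid in CHECKS.items():
        values = headers.get(name.lower())
        if not values:
            report[name] = "missing"
        else:
            report[name] = "ok" if all(valid(v) for v in values) else "weak"
    return report

if __name__ == "__main__":
    for label, raw in (("bare", SAMPLE_BARE), ("weak", SAMPLE_WEAK)):
        print(label, audit(raw))
```

A header that is present but misconfigured is reported separately from one that is absent, since a presence-only check would pass both weak values in the second sample.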

In the article “How widely used are security based HTTP response headers?” Scott Helme provides some good analysis of HTTP response headers and their role in security. His analysis then shows how poorly they are used across the top 1 million web sites.

Does CyberMatters provide HTTP security response headers? Sadly not. It’s not a feature available from WordPress.com…

Security Headers image


(Courtesy of https://securityheaders.io/)

Perhaps this is the issue. Many of the major web sites use Software as a Service platforms, and if these platforms don’t provide the capability, then usage will remain low.

If WordPress.com and a few other major platforms were to support it, I suspect the stats would suddenly look quite a bit better.

(The good news is WordPress.com now supports HTTPS – the way it does it is interesting – watch this space as to why…)
