Adoption of HTTP Security Headers on the Web

March 6, 2018 #http #security

Adoption of HTTP Security Headers on the Web looked at HTTP Archive data to do some analysis of the adoption of various HTTP security headers.  Here is a summary table of usage.

% of Base Pages using HTTP Security Headers

The analysis deep dives into each header, and which values are being sent, including misconfigured / invalid variations.  The author ends with this conclusion:

There’s a lot that we can do with these security headers - but based on the data in the HTTP Archive it’s pretty clear that they are not being used enough and sometimes are being used incorrectly.

For additional reading, take a look at:

Kevin Hakanson

Multi-Cloud Certified Architect | DevSecOps | AppSec | Web Platform | Speaker | Learner | Builder
Twitter | LinkedIn | GitHub | Stack Overflow | Credly

© 2024 Kevin Hakanson (built with Gatsby)