mozilla

Using HTTP Headers to Secure Your Site

Engineering
Last Updated: April 02, 2024
Caleb Hearth

Observatory by Mozilla helps websites by teaching developers, system administrators, and security professionals how to configure their sites safely and securely.

Let's take a look at the scores Observatory gives for a fairly straightforward Static Buildpack app, https://2017.keeprubyweird.com .

Test Scores

Test
Pass
Score
Explanation Content Security Policy ✗
-25
Content Security Policy (CSP) header not implemented Cookies ―
0
No cookies detected Cross-origin Resource Sharing ✔
0
Content is not visible via cross-origin resource sharing (CORS) files or headers

HTTP Public Key Pinning
―
0
HTTP Public Key Pinning (HPKP) header not implemented (optional) HTTP Strict Transport Security ✗
-20
HTTP Strict Transport Security (HSTS) header not implemented…

Subscribe to the full-text RSS feed for Caleb Hearth.