HTTP headers contain information that instructs your browser 'behind the scenes' on how to handle content requested from our servers. They include security settings that help prevent attacks like cross-site scripting, XXS, code injecting, click highjacking....Did we lose you there? It's ok, this is complicated stuff.
Securing a website is similar to walking on a tight rope; it requires full attention (24 hours a day), there are a million small, easy ways to fall out of line, and you have to keep moving to keep your balance. That is why this new group of AI scanning tools is so wonderful - think if it like adding a bomb sniffing dog to our Network's security team.
It focuses on 'HTTP Header' security. Every time the code in these specific headers sends out a call for information to our server it is at risk of attack without protection in place. Here's a snippet of what some of these HTTP Security Headers do and why it is so important to make sure they are performing properly:
That list is a modicum of what these various headers are capable of, and since they are always changing (because the attacks are always changing) we are pretty darn happy when our AI watchdog does a sniff test and tells us we got a 'A' security grade for your site. We're guessing you're pretty happy about that 'A' grade too.