https://zachgrace.com/tags/security-headers/Recent content in Security-Headers on Zach GraceHugoen-usThu, 13 Oct 2016 00:00:00 +0000https://zachgrace.com/posts/2016-10-13-security-headers/Thu, 13 Oct 2016 00:00:00 +0000https://zachgrace.com/posts/2016-10-13-security-headers/<p>Mozilla recently released a security header grading site, <a href="https://observatory.mozilla.org/">https://observatory.mozilla.org/</a>. Of course I had to plug my site into the scanner and found that I got an F. Not good for a security guy.</p> <p><img src="https://zachgrace.com/assets/img/observatory_F.png" alt="Observatory F Rating" /></p> <p>According to <a href="https://medium.com/mozilla-tech/promoting-security-best-practices-with-observatory-7b164a190425#.5gj02ihca">April King</a> of Mozilla, the Observatory <em>&ldquo;grading is set very aggressively to promote best practices in web security&rdquo;</em>. And by looking at the scores, we can see that the far majority of sites fail the Observatory tests.</p>