Website security is becoming an increasingly important topic, as more individuals, businesses and governing bodies become concerned with the risk to personal data posed by inadequate web security practices.
Security basics - HTTPS
Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website you are connected to. The 'S' at the end of HTTPS stands for 'Secure': the HTTP traffic is carried over a TLS connection, so everything exchanged between your browser and the website is encrypted and cannot be read or silently altered in transit, and the site's certificate lets the browser check that it is talking to the genuine server rather than an impostor.
Whereas in the past HTTPS might have been used only to protect highly confidential online transactions, such as online banking and online shopping order forms, it is fast becoming the standard for all website URLs.
This agenda has been pushed in particular by Google's Chrome browser, encouraging website owners to move to HTTPS by showing 'Not secure' messages to browser users on HTTP pages. As such, the issue becomes about user trust and user experience, in addition to security.
While the basic recommendation of 'move your entire site to HTTPS' holds true for any website that has not yet done this, there are some additional vulnerabilities that Sitebulb will detect, for sites that have already adopted HTTPS.
HTTP security headers
When a browser client (or indeed, a website crawler) 'opens' a particular website URL, it starts this process by sending an HTTP request to the website server. The server sends back HTTP response headers, in addition to the page content itself.
Over the last few years, a number of HTTP response headers have been introduced whose purpose is to improve the security of a website. Once set, these headers instruct modern browsers to enforce protections that close off easily preventable classes of attack, for example insisting that the site is only ever loaded over HTTPS, refusing to guess the content type of a response, or refusing to let the page be embedded in a frame on another site.
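The kind of check a crawler performs on those response headers, written out as an added example (this is illustrative code, not Sitebulb's own implementation, and the thresholds it applies, such as a one-year HSTS max-age, are widely published baselines assumed here rather than Sitebulb's thresholds). It covers both the 'additional vulnerabilities' on sites that already use HTTPS, by checking the Strict-Transport-Security header, and the general security headers discussed above. The two sample responses are constructed for the example: one with weak or missing headers and one hardened.

```python
# Audit the security-related response headers of a single HTTP response.
# Example code added to this page; the recommended values below are common
# baselines (assumption), not Sitebulb's own rules.

ONE_YEAR = 31536000  # seconds; the usual minimum HSTS max-age recommendation


def parse_hsts(value):
    """Split a Strict-Transport-Security value into a {directive: value} dict.

    Directive names are case-insensitive, so they are lower-cased here.
    'max-age=31536000; includeSubDomains' -> {'max-age': '31536000',
    'includesubdomains': ''}
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip()
    return directives


def audit_headers(headers, is_https=True):
    """Return a list of findings (strings) for one response.

    `headers` maps header name -> value. Header names are matched
    case-insensitively because HTTP header names are case-insensitive.
    HSTS is only meaningful on HTTPS responses (browsers ignore it over
    plain HTTP), so those checks run only when is_https is True.
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    if is_https:
        hsts = h.get("strict-transport-security")
        if hsts is None:
            findings.append("missing Strict-Transport-Security")
        else:
            d = parse_hsts(hsts)
            try:
                max_age = int(d.get("max-age", "0"))
            except ValueError:
                max_age = 0
            if max_age < ONE_YEAR:
                findings.append(f"HSTS max-age {max_age} is below one year")
            if "includesubdomains" not in d:
                findings.append("HSTS lacks includeSubDomains")

    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append("missing Content-Security-Policy")

    # X-Content-Type-Options has exactly one valid value.
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("missing or weak X-Content-Type-Options (expected nosniff)")

    # Clickjacking protection can come from either header.
    if "x-frame-options" not in h and "frame-ancestors" not in csp.lower():
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")

    return findings


# Constructed sample responses (not captured from any real site).
WEAK_RESPONSE = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=300",  # too short, no subdomains
}

HARDENED_RESPONSE = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
}


if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {audit_headers(resp) or ['no findings']}")
```

Running the block reports five findings for the weak response and none for the hardened one. Note that `audit_headers` only inspects what the server sent; it does not judge whether a Content-Security-Policy that is present is actually strict, which needs a separate parser of its directives.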