In the last five years, Really Simple SSL has positioned itself as one of the leading authorities on Security Headers. We gave talks about the importance of Security Headers on WordCamp Europe, and have always aspired to give everyone in the (WordPress) ecosystem an easy way to configure Security Headers as it’s a fundamental part of securing the web for everyone.
We have relied on securityheaders.com for a while to quickly access a list of available Security Headers on any given URL, but the list has not been updated regularly and is now proposing values and headers that are no longer valid or might even hurt security in return while missing out on new headers as well.
Although it’s still a beneficial tool, we would like to add our way of reporting security headers to the web, especially for our specific target group, WordPress users. WordPress has its challenges regarding the many configuration possibilities with (security) plugins, themes, and caching, let alone server configurations, including parties like Cloudflare handling requests.
This challenge is what we embrace at Really Simple SSL, but we decided it needs its Security Scan as well. We will expand on the possibilities, but we now use our Security Scan for Security Headers, a staple in protecting your website visitors.
If you have any ideas, comments or requests, please let us know!