
The world’s most popular websites lack basic cybersecurity hygiene, an investigation by Cybernews shows.
The Cybernews research team has deep-dived into an issue that’s quite often overlooked by developers – HTTP security headers. They have analyzed the top 100 most visited websites, including Facebook, Pinterest, IMDB, PayPal, Wikipedia, and AliExpress.
The conclusion? Many developers of the most popular websites could enhance their cybersecurity practices. So as not to give threat actors any ideas, the actual websites that need work have been omitted.
HTTP security headers are instructions that tell the web browser how it should interact with the webpage. They mainly defend against client-side attacks, which aim to exploit security flaws in code running on the user’s device to gain unauthorized access, steal information, and perform other malicious activities. The headers include:
- X-Frame-Options
- Content-Security-Policy (CSP)
- Referrer-Policy
- Permissions-Policy
- X-Content-Type-Options
- Strict-Transport-Security (HSTS)
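As an added example that is not part of the Cybernews article, the Python function below audits a response's header map for the six headers listed above and reports each as present, missing, or weakly configured. The thresholds it treats as weak (a one-year minimum HSTS max-age, the set of Referrer-Policy values it accepts) are this example's own assumptions, and the sample headers are constructed, not taken from any real site.

```python
# Added example, not from the Cybernews article: audit one HTTP response's headers
# for the six security headers the article lists. Names match case-insensitively
# (as HTTP requires); the "weak" thresholds below are this example's own choices.
import re

EXPECTED = ["X-Frame-Options", "Content-Security-Policy", "Referrer-Policy",
            "Permissions-Policy", "X-Content-Type-Options", "Strict-Transport-Security"]
ONE_YEAR = 31_536_000  # seconds; assumed minimum acceptable HSTS max-age
SAFE_REFERRER = {"no-referrer", "same-origin", "strict-origin",
                 "strict-origin-when-cross-origin"}

def check_value(name, value):
    """Return 'ok' if the header value is acceptable, else 'weak: <reason>'."""
    low = value.strip().lower()
    if name == "X-Frame-Options" and low not in ("deny", "sameorigin"):
        return f"weak: unexpected value {value!r}"
    if name == "X-Content-Type-Options" and low != "nosniff":
        return f"weak: expected 'nosniff', got {value!r}"
    if name == "Strict-Transport-Security":
        m = re.search(r"max-age=(\d+)", low)
        if not m:
            return "weak: no max-age directive"
        if int(m.group(1)) < ONE_YEAR:
            return f"weak: max-age {m.group(1)} is below one year"
    if name == "Referrer-Policy":  # comma-separated fallback list is allowed
        if not any(p.strip() in SAFE_REFERRER for p in low.split(",")):
            return f"weak: policy {value!r} may leak full URLs cross-origin"
    if name == "Content-Security-Policy":
        if "'unsafe-inline'" in low:
            return "weak: 'unsafe-inline' undoes most script/style protection"
        if "default-src" not in low and "script-src" not in low:
            return "weak: neither default-src nor script-src is restricted"
    return "ok"  # Permissions-Policy: only presence is checked here

def audit_headers(headers):
    """Map each expected header to 'ok', 'missing' or 'weak: <reason>'."""
    present = {k.lower(): v for k, v in headers.items()}
    report = {}
    for name in EXPECTED:
        value = present.get(name.lower())
        report[name] = "missing" if value is None else check_value(name, value)
    return report

# Constructed sample response headers (not taken from any real site).
SAMPLE = {"Content-Security-Policy": "default-src * 'unsafe-inline'",
          "x-frame-options": "SAMEORIGIN", "Strict-Transport-Security": "max-age=300",
          "Referrer-Policy": "unsafe-url"}

print(audit_headers(SAMPLE))
```

The same function can be run over headers fetched from any site you operate; the constructed sample is weak or missing on five of the six headers and passes only on X-Frame-Options.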
Read more about it here.