Analysis of the adoption of security headers in HTTP


Abstract

With the increase in the number of threats within web-based systems, a more integrated approach is required to ensure the enforcement of security policies from the server to the client. These policies aim to stop man-in-the-middle attacks, code injection, and so on. This study analyses some of the newest security options used within HTTP responses, and scans the Alexa Top 1 Million sites for their implementation within HTTP responses. The options scanned for are content security policy, public key pinning extension for HTTP, HTTP strict transport security, and the HTTP header field X-Frame-Options, in order to understand the impact that these options have on the most popular websites. The results show that, while the implementation of these parameters is increasing, they are still not implemented on many of the top sites. The study also shows the profile of adoption of Let's Encrypt digital certificates across the one million sites, along with a way of assessing the quality of the security headers.


Buchanan, W. J., Helme, S., & Woodward, A. (2018). Analysis of the adoption of security headers in HTTP. IET Information Security, 12(2), 118–126. https://doi.org/10.1049/iet-ifs.2016.0621
