Recently I've rebuilt my blog, , using and . Being an engineer, I like to enhance and improve my websites. Sometimes I submit my websites to services that check them to identify new areas of improvement. These services are for example broken link crawlers to find links which aren't working anymore or , a service to check the HTTP headers for potential security enhancements/issues. peterthaleikis.com Eleventy Netlify securityheaders.com The initial security assessment of my Netlify site As with many times before, I entered one of my websites for the check of the security-relevant HTTP headers on securityheaders.com. The result came back quickly and showed there is a potential to improve the headers. Only according to Scott Helme's site: Grade D Easy to improve with Netlify's file _headers The outstanding Netlify developer experience makes it very easy to tweak the headers. Netlify allows you to set additional headers in a file called . This file should live in your "Publish directory". This is often called , or . If you are unsure you can check it in the Netlify admin panel of your site under . "_headers" "public/" "dist/" "_site" "Build & Deploy" The headers file allows you to define headers for different URLs (for example ) or URL segments (for example for all URLs) of your page. In my case it's very simple as I want to apply the headers to all pages (URLs): "/contact" "/*" /*
 X-Frame-Options: DENY
 X-XSS-Protection: 1; mode=block
 Referrer-Policy: no-referrer
 X-Content-Type-Options: nosniff `_headers`-file example used on peterthaleikis.com With these headers I get a significantly improved result and a "Grade A": Securityheaders result of my website after tweaking _headers Adding the header file to your git, pushing it up and deploying shouldn't take more than five minutes and improves the security of your website. I would think these are well invested minutes 🙏️ About the Author Hey, I’m - a nomad developer turned indie hacker. I’m running a small dev-shop called . If I’m not deep diving into client code I’m building side-projects such as the and . I’m always happy to hear from you: or via my form. Peter Thaleikis bring your own ideas SEO Tool Extension Startup Name Check Twitter contact Previously published at https://peterthaleikis.com/posts/how-to-improve-the-security-of-your-netlify-site/ .

Twitter

Deep Dive into Validating Your Side-Project & Startup Ideas

coding side-projects & building small businesses

How to Improve the Security of Your Netlify Site

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

3 Life Savers During Covid Lockdown

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

The Noonification: How the Liver Transplant System Changed Forever (11/25/2023)

3 Life Savers During Covid Lockdown

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

The Noonification: How the Liver Transplant System Changed Forever (11/25/2023)

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps