
Insights and advice for improving web performance.

X-XSS-Protection - Preventing Cross-Site Scripting Attacks


Implementing HTTP security headers is an important way to keep your site and your visitors safe from attacks and hackers. In a previous post, we dove into how the X-Frame-Options header and frame-ancestors directive can help combat clickjacking. In today's post, we want to go more in-depth with the X-XSS-Protection header, as well as the newer CSP reflected-xss directive, and how they can help prevent cross-site scripting (XSS) attacks. What is X-XSS-Protection?

September 29, 2016 Read more

X-Frame-Options - How to Combat Clickjacking


HTTP security headers provide yet another layer of security by helping to mitigate attacks and security vulnerabilities by telling your browser how to behave. In this post we will be diving more in-depth into X-Frame-Options (XFO), which is a header that helps to protect your visitors against clickjacking attacks. It is recommended that you use the X-Frame-Options header on pages that should not be allowed to render in a frame.

July 21, 2016 Read more

What Is the Difference Between HTTP and HTTPS?

The team here at KeyCDN is always encouraging people to make the move to HTTPS for a number of reasons such as performance benefits, additional security, and even SEO advantages. We are constantly throwing around the HTTP and HTTPS acronyms, and sometimes it's important to understand the basics of how they work and some history behind them. So today we thought we would explore more in-depth the difference between HTTP and HTTPS, what they mean, and why it might be time for you to make the move to HTTPS.

May 5, 2016 Read more

Web Crawlers and User Agents - Top 10 Most Popular

When it comes to the world wide web there are both bad bots and good bots. The bad bots you definitely want to avoid as these consume your CDN bandwidth, take up server resources, and steal your content. Good bots (also known as web crawlers) on the other hand, should be handled with care as they are a vital part of getting your content to index with search engines such as Google, Bing, and Yahoo.

April 27, 2016 Read more

Let's Encrypt Leaves Beta - HTTPS Statistics

It's official: as of April 12, 2016, Let's Encrypt is now out of beta! They first launched back in September 2015 and have now deployed certificates on millions of websites. They set out to help make the "HTTPS Everywhere" goal a reality, and they are making a good dent towards accomplishing that. We here at KeyCDN love Let's Encrypt and fully support them in their work to help make the web a safer place by providing free SSL certificates for everyone.

April 21, 2016 Read more

Complete Guide on Magento Security

Magento is a very popular ecommerce platform used today that people choose to grow their online businesses. According to BuiltWith, over 22% of the top 100,000 ecommerce websites are using Magento, along with Magento Enterprise. It is known for being a very robust platform with a high level of functionality and customizability. As with any major platform, security concerns always present themselves as new vulnerabilities are constantly being discovered or exploited.

March 17, 2016 Read more

Hardening Your HTTP Security Headers

There are a lot of things to consider when securing your website or web application, but a good place to start is to explore your HTTP security headers and ensure you are keeping up with best practices. In many cases they are very easy to implement and only require a slight web server configuration change. HTTP security headers provide yet another layer of security by helping to mitigate attacks and security vulnerabilities.

March 10, 2016 Read more

Why You Should Be Establishing SSL Trust for Your Business

All online businesses rely on building a certain level of trust with their visitors in order for them to complete a transaction. With Google pushing for a 100% secure web, more and more people are becoming aware of HTTPS and are losing trust in sites that don't use an SSL. If a visitor doesn't feel like their information or browsing experience is safe, they might avoid purchasing or filling out a form altogether.

February 25, 2016 Read more

Block Bad Bots - New Security Feature from KeyCDN

KeyCDN is always looking for ways to improve its service and so we are excited to announce a new security feature, and that is the ability to block bad bots. This allows customers to save on bandwidth costs and block bad bots, spiders, and scrapers from crawling your CDN assets. This feature is now available to all customers and can be enabled from the KeyCDN dashboard. No more bots draining your credits!

February 9, 2016 Read more

Joomla Security - Complete 10 Step Guide

Joomla is a free open source content management system (CMS), built on an MVC framework. It is currently the 2nd most widely used CMS on the internet at 2.6%. While that doesn't sound like a lot, that is still millions of businesses and blogs that have chosen to power their websites with Joomla. As with any major platform, additional security concerns always present themselves. Your risk of attack is greater and vulnerabilities are constantly being discovered or exploited.

February 2, 2016 Read more