Insights and advice for improving web performance.

11 Web Application Security Best Practices

Like any responsible website owner, you are probably well aware of the importance of online security. You may think that you have your ducks in a row in this department, but like many other website owners and companies, there probably hasn't been enough done to secure your web application(s). With the increasing number of online transactions and sensitive information being transmitted over the internet, it is more important than ever to ensure that web applications are secure.

December 29, 2016

X-XSS-Protection - Preventing Cross-Site Scripting Attacks

Warning: This article discusses the X-XSS-Protection header, which was once a recommended standard for preventing cross-site scripting (XSS) attacks. However, this header has been deprecated and is no longer supported by most popular browsers. Instead, it is now recommended to use Content Security Policy (CSP) to protect against XSS attacks. While the information in this article may still be useful for historical purposes, it is important to note that relying on the X-XSS-Protection header for XSS protection is no longer a best practice.

September 29, 2016

X-Frame-Options - How to Combat Clickjacking

In today's world, security is a top concern for website owners and administrators. One of the biggest threats to website security is clickjacking, also known as a UI redress attack. This is a technique where a malicious website overlays its own content on top of a legitimate website, tricking the user into clicking buttons or links that they didn't intend to. To combat this threat, website administrators can use the X-Frame-Options header.

July 21, 2016

HTTP vs HTTPS: The Difference Between HTTP and HTTPS

Do you pay attention to whether the URL of the website you are visiting starts with HTTP or HTTPS in your browser's address bar? If not, you should definitely do so in the future, especially when you enter your personal information or make online payments with your credit card. All that matters then is HTTPS in the URL! The team here at KeyCDN always encourages people to move to HTTPS for several reasons, such as performance benefits, additional security, and even SEO advantages.

May 5, 2016

Let's Encrypt Leaves Beta - HTTPS Statistics

It's official: as of April 12, 2016, Let's Encrypt is now out of beta! They first launched back in September 2015 and have now deployed certificates on millions of websites. They set out to help make the "HTTPS Everywhere" goal a reality, and they are making a good dent towards accomplishing that. We here at KeyCDN love Let's Encrypt and fully support them in their work to help make the web a safer place by providing free SSL certificates for everyone.

April 21, 2016

Complete Guide on Magento Security

Magento is a very popular ecommerce platform used today that people choose to grow their online businesses. According to BuiltWith, over 22% of the top 100,000 ecommerce websites are using Magento, along with Magento Enterprise. It is known for being a very robust platform with a high level of functionality and customizability. As with any major platform, security concerns always present themselves as new vulnerabilities are constantly being discovered or exploited.

March 17, 2016

Hardening Your HTTP Security Headers

There are a lot of things to consider when securing your website or web application, but a good place to start is to explore your HTTP security headers and ensure you are keeping up with best practices. In many cases they are very easy to implement and only require a slight web server configuration change. HTTP security headers provide yet another layer of security by helping to mitigate attacks and security vulnerabilities.

March 10, 2016

Why You Should Be Establishing SSL Trust for Your Business

All online businesses rely on building a certain level of trust with their visitors in order for them to complete a transaction. With Google pushing for a 100% secure web, more and more people are becoming aware of HTTPS and are losing trust in sites that don't use an SSL. If a visitor doesn't feel like their information or browsing experience is safe, they might avoid purchasing or filling out a form altogether.

February 25, 2016

Block Bad Bots - New Security Feature from KeyCDN

KeyCDN is always looking for ways to improve its service and so we are excited to announce a new security feature, and that is the ability to block bad bots. This allows customers to save on bandwidth costs and block bad bots, spiders, and scrapers from crawling your CDN assets. This feature is now available to all customers and can be enabled from the KeyCDN dashboard. No more bots draining your credits!

February 9, 2016

Joomla Security - Complete 10 Step Guide

Joomla is a free open source content management system (CMS), built on an MVC framework. It is currently the 2nd most widely used CMS on the internet at 2.6%. While that doesn't sound like a lot, that is still millions of businesses and blogs that have chosen to power their websites with Joomla. As with any major platform, additional security concerns always present themselves. Your risk of attack is greater and vulnerabilities are constantly being discovered or exploited.

February 2, 2016