The HTTP protocol provides various response headers that allow simple improvements to your website's security. As usual, make sure to run full tests on your web site, as some of these options may cause some features to stop working.
Content Security Policy
The HTTP Content-Security-Policy response header allows web site administrators to control the resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against cross-site scripting (XSS) attacks.
Content-Security-Policy: <policy-directive>; <policy-directive>
More information about CSP can be found on the Mozilla Developer Network at: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
Strict Transport Security
If your website runs over HTTPS, adding HSTS ensures that all traffic is sent over HTTPS.
Strict-Transport-Security: max-age=631138519; includeSubDomains
The preload directive allows for inclusion in a browser-based preload list, but requires all subdomains to be served with HTTPS enabled. To submit your domain for inclusion on this list, you may follow this link.
X-Frame-Options
Disallow your page to be embedded within a
X-Content-Type-Options
Disable MIME type sniffing, which can e.g. make IE execute an innocent looking
X-XSS-Protection
X-XSS-Protection is an HTTP header understood by Internet Explorer 8 (and newer versions). This header lets domains toggle the “XSS Filter” of IE8 on and off, which prevents some categories of XSS attacks.
X-XSS-Protection: 1; mode=block
Implementation varies depending on your website’s server:
- For an Apache web server implementation, the Header set directive is to be used in the
- For an nginx web server implementation, the add_header directive is to be used.
- For an IIS web server implementation, the instructions are to be added in the
- For a web-server-agnostic implementation, the PHP header() function can also be used.
- For a web-server-agnostic implementation, the HTML http-equiv meta tag can also be used, but only for Content-Security-Policy (and some directives, such as frame-ancestors, are ignored in the meta form); Strict-Transport-Security and X-Frame-Options are only honoured when sent as real response headers.
- For a WordPress implementation, the PHP header() function can be used. I’ve recently written a WordPress security plug-in to handle this easily.
Make sure to run the Page, Header & Cookie Security Analyser. securityheaders.io is a useful resource for evaluating your web site’s security.
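As an added example (not code from the original page, nor from securityheaders.io or the analyser mentioned above), the following Python script performs an offline version of that check: it parses a raw HTTP response, inspects the five headers described in this article and reports which are missing, invalid or weakly configured. The two sample responses, the nonce value, the one-year HSTS threshold and the verdict strings are assumptions constructed for the demo.

```python
"""Offline checker for the response headers discussed above.

Added example, not code from the original page. The sample responses,
the nonce value and the one-year HSTS threshold are constructed for the demo.
"""
import re

ONE_YEAR = 31536000  # assumed minimum HSTS max-age (seconds) for an "ok" verdict

# Constructed sample: deliberately weak so that several checks fail.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=3600\r\n"
    "X-Frame-Options: ALLOW-FROM https://example.test\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "\r\n"
    "<html><body>demo</body></html>"
)

# Constructed sample with the headers set the way the article recommends.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Security-Policy: default-src 'self'; "
    "script-src 'self' 'nonce-d3m0' 'unsafe-inline'\r\n"
    "Strict-Transport-Security: max-age=631138519; includeSubDomains\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Map lower-cased header names to values; only the head block is read.
    The first occurrence of a name wins; obsolete line folding is not handled."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers.setdefault(name.strip().lower(), value.strip())
    return headers


def check_csp(value):
    """Flag a policy that lets arbitrary inline scripts run on the page."""
    if value is None:
        return "missing"
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return "weak: neither script-src nor default-src is set"
    # CSP2+ browsers ignore 'unsafe-inline' once a nonce or hash is present,
    # so it is only a problem when it stands alone.
    nonce_or_hash = any(t.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                        for t in sources)
    if "'unsafe-inline'" in sources and not nonce_or_hash:
        return "weak: script-src allows inline scripts without a nonce or hash"
    return "ok"


def check_hsts(value):
    """Require a max-age of at least a year plus includeSubDomains."""
    if value is None:
        return "missing"
    directives = [d.strip().replace('"', "").lower() for d in value.split(";") if d.strip()]
    ages = [int(m.group(1)) for d in directives for m in [re.fullmatch(r"max-age=(\d+)", d)] if m]
    if not ages:
        return "invalid: no max-age directive"
    problems = []
    if ages[0] < ONE_YEAR:
        problems.append("max-age below one year")
    if "includesubdomains" not in directives:
        problems.append("includeSubDomains not set")
    return "ok" if not problems else "weak: " + ", ".join(problems)


def check_frame_options(value):
    """Only DENY and SAMEORIGIN are honoured by current browsers."""
    if value is None:
        return "missing"
    return "ok" if value.strip().upper() in ("DENY", "SAMEORIGIN") else f"weak: {value!r}"


def check_content_type_options(value):
    if value is None:
        return "missing"
    return "ok" if value.strip().lower() == "nosniff" else f"invalid: {value!r}"


def check_xss_protection(value):
    """'1; mode=block' is the useful enabled form; '0' switches the filter off."""
    if value is None:
        return "missing"
    parts = [p.strip().lower() for p in value.split(";")]
    if parts[0] == "0":
        return "disabled"
    if parts[0] == "1":
        return "ok" if "mode=block" in parts else "weak: filter on without mode=block"
    return f"invalid: {value!r}"


CHECKS = {
    "content-security-policy": check_csp,
    "strict-transport-security": check_hsts,
    "x-frame-options": check_frame_options,
    "x-content-type-options": check_content_type_options,
    "x-xss-protection": check_xss_protection,
}


def analyse(raw):
    """Return {header-name: verdict} for one raw HTTP response."""
    headers = parse_headers(raw)
    return {name: check(headers.get(name)) for name, check in CHECKS.items()}


def passes(raw):
    """True when every checked header received the 'ok' verdict."""
    return all(v == "ok" for v in analyse(raw).values())


if __name__ == "__main__":
    for label, raw in (("weak sample", SAMPLE_RESPONSE), ("hardened sample", HARDENED_RESPONSE)):
        print(f"== {label}: {'PASS' if passes(raw) else 'FAIL'}")
        for name, verdict in analyse(raw).items():
            print(f"  {name}: {verdict}")
```

Feed `analyse()` the raw bytes of a real response (for example the output of `curl -si https://your-site/`, decoded) to get the same verdicts for your own site; the checks deliberately stay conservative, so a verdict other than "ok" is a prompt to read the header, not a proof of a vulnerability.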
WordPress has become a de facto standard when it comes to creating a web site, not only a blog. Part of this wide use is the ability to customize the WordPress platform down to your very specific needs. Numerous plug-ins are available to help in this task.
We all have our subjective or objective favorites.
Use of CMSs is now widespread, and we no longer need to dig into low-level coding to write web pages. This said, we still sometimes have to tweak performance for some specific developments. With attention to minor details, the performance of PHP scripts can be optimized to match Google’s attention to speed. Numerous articles deal with improving the performance of PHP scripts; here is a collection of some easy-to-implement tweaks.
Crowdsourcing is everywhere. Now, it’s Centrance’s turn. The manufacturer of professional audio equipment launches a crowdsourcing project for its future Mixerface, a compact two channel USB audio interface.
The Centrance Mixerface is a 24-bit/192kHz professional recording USB interface for Mac, PC and iDevices. It features two discrete, studio-grade mic preamps with 48V phantom power, Pan/Mixer/Monitor controls and a rechargeable battery.
Lost among the existing and emerging social networks, wondering which social network to use in which context?
Don’t panic and check this video out.
If one trend is clear, new social networks tend to be only focused on mobile usage.
With the fifth edition of its five-year predictions, IBMLabs foresees:
- generalization of data collection through the spread of sensors giving a real-time image of the environment,
- 3-D holograms for our telephone and Internet communications,
- ten times longer battery life thanks to charging from the oxygen in ambient air,
- recycling of the heat dissipated by data centers,
- real-time information (traffic, accidents, parking, alternatives, etc.) for the optimization of commutes.
See you in 2015.
Source: the IBMLabs channel on YouTube.
Whoever was in the music industry in the eighties has bumped into Tascam’s Portastudio.
Believe it or not, modern times see the introduction of Tascam’s Portastudio on iPad. Reproducing the look and feel of the Porta One cassette based multitrack recorder that revolutionized recording in 1984, the Portastudio app records up to four tracks.
The application allows you to record one track at a time using the built-in mic or a headset microphone. A simulated cassette transport with position counter tracks your position while you mix with level, pan and EQ controls. When you’re ready to mix, the built-in mixdown function saves your song as a CD-quality WAV file. Your mix appears in iTunes when you’re finished, ready to share with friends and bandmates.
Idealists will hope some hardware extension will soon allow for a higher quality standard than the built-in microphone. Others will think this is a gadget lacking numerous features in times of powerful multitrack recording software…
Gmail introduces Gmail Priority Inbox. To help save time, Priority Inbox splits your inbox into three sections, “Important and unread,” “Starred” and “Everything else,” based on your emailing history.
I can’t wait to see my Gmail updated.
Source: Official Gmail blog.
Is HP trying to catch up with the industry?
HP already bought Compaq a couple of years ago to become a major player in the PC market.
Although I’ve never tried it, I love the concept of the Palm Pre. A sound alternative to Apple’s iPhone. But it seems to have been too big a project for Palm. Will this purchase be enough for HP to become a major player in the handheld computer market? Or will it allow HP to become a player on the handheld tablet market?
In any case, this will need HP to fight on the operating systems market. Apple on one side, Google on the other side (not to mention Microsoft who will probably try not to be left behind), not an easy task…
Herbie Hancock’s all-star set featuring Harvey Mason and Marcus Miller. Any need to say more about it?