Benchmark: Security Headers Best Practices
Description
Security headers are HTTP response headers that tell the browser whether to activate or deactivate a set of security precautions. They help protect a website against common attacks such as cross-site scripting (XSS), code injection and clickjacking. This benchmark checks for the following HTTP response headers:
- Content-Security-Policy
- HTTP Strict-Transport-Security
- Permissions-Policy
- Referrer-Policy
- X-Content-Type-Options
- X-Frame-Options
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-net-insights
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Security Headers Best Practices.
Run this benchmark in your terminal:
powerpipe benchmark run net_insights.benchmark.security_headers_best_practices
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run net_insights.benchmark.security_headers_best_practices --share
Controls
- Site headers must contain Strict-Transport-Security
- Site headers must contain Content-Security-Policy
- Site headers must contain X-Frame-Options
- Site headers must contain X-Content-Type-Options
- Site headers must contain Referrer-Policy
- Site headers must contain Permissions-Policy
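The six controls above each reduce to the same question: is a given header present, with a non-empty value, in the HTTP response? The following stand-alone Python script is an added example, not code from the net_insights mod or from Turbot; it mirrors those controls against a constructed set of response headers instead of querying Steampipe, so a reader can see what an "ok" or "alarm" result means before running the benchmark. Header names, the parser and the sample response are all assumptions made for this example.

```python
# Added example (not part of the net_insights mod): a stand-alone check that mirrors
# the six "Site headers must contain ..." controls of the benchmark, run against a
# constructed HTTP response instead of Steampipe's net plugin.
from typing import Dict, List, Tuple

# The headers the benchmark's controls look for, in the order the controls are listed.
REQUIRED_HEADERS = [
    "Strict-Transport-Security",
    "Content-Security-Policy",
    "X-Frame-Options",
    "X-Content-Type-Options",
    "Referrer-Policy",
    "Permissions-Policy",
]


def parse_response_headers(raw_headers: str) -> Dict[str, str]:
    """Parse the header block of an HTTP response (status line plus 'Name: value'
    lines) into a dict. Header names are HTTP-case-insensitive, so they are
    lower-cased; repeated headers are joined with ', ' as RFC 9110 allows."""
    headers: Dict[str, str] = {}
    for line in raw_headers.splitlines():
        if not line.strip() or line.startswith("HTTP/"):
            continue  # skip blank lines and the status line
        name, _, value = line.partition(":")
        key = name.strip().lower()
        value = value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers


def check_security_headers(headers: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return one (header, status, reason) tuple per control.
    status is 'ok' when the header is present with a non-empty value, else 'alarm'."""
    normalized = {name.lower(): value for name, value in headers.items()}
    results: List[Tuple[str, str, str]] = []
    for header in REQUIRED_HEADERS:
        value = normalized.get(header.lower(), "")
        if value.strip():
            results.append((header, "ok", f"{header} is set to '{value}'"))
        else:
            results.append((header, "alarm", f"{header} header is missing"))
    return results


def summarize(results: List[Tuple[str, str, str]]) -> Dict[str, int]:
    """Count ok/alarm results, the way a benchmark summary line would."""
    counts = {"ok": 0, "alarm": 0}
    for _, status, _ in results:
        counts[status] += 1
    return counts


# Constructed sample response: sets three of the six headers, one in lower case,
# and omits Content-Security-Policy, Referrer-Policy and Permissions-Policy.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
strict-transport-security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
"""


def run_sample() -> Dict[str, int]:
    """Run the checks over the constructed sample and return the ok/alarm counts."""
    results = check_security_headers(parse_response_headers(SAMPLE_RESPONSE))
    for header, status, reason in results:
        print(f"{status:5s}  {reason}")
    return summarize(results)


if __name__ == "__main__":
    print(run_sample())
```

Running the script prints one line per control and then the counts; on the constructed sample three controls pass and three alarm, because the missing headers are treated exactly like the benchmark's "must contain" controls treat them: absent means alarm, regardless of how the rest of the response looks.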