
Server Security

ROBTEC Hosting offers secure servers to protect your data and prevent unauthorised access. We employ appropriate security measures, including firewalls, software updates, and secure access controls, to safeguard your server from potential threats.

At ROBTEC Hosting, we take security seriously. To see how seriously, check the security rating of your website and our server by visiting Security Headers at https://securityheaders.com/. Our servers have received an impressive A/A+ score, as you can see in the screenshot below. We’ve taken all necessary precautions to secure our servers without requiring any additional coding on your part. We prioritise security on our servers so you can focus on running your business with peace of mind. Learn more about Security Headers and how we prioritise security on our servers below.

Security Header

HTTP security headers are an essential part of web security as they provide an additional layer of security that can prevent common vulnerabilities from being exploited. Security headers are a set of HTTP response headers sent by the server along with the response to a client’s request, and they tell the client’s browser how to behave regarding the website’s security. They are used to protect against various web-based attacks, including client-side attacks like phishing, cross-site scripting (XSS), and Man-In-The-Middle (MITM) attacks.

Ignoring HTTP security headers can lead to a website being vulnerable to attacks, which is why it’s always essential to have additional safety measures, especially for end-users. The security level of a website also depends on how safe it is for the end-user to browse it. For example, if you put a lot of effort into creating a secure application but serve it without HTTPS, your application’s security is not as good as you think, at least for the user.

Let’s consider an example to better understand this. Imagine your website is a castle with several guards around it to prevent attacks, and users have to take a road to get there. As the guards can only protect the castle and not the road, malicious people could use the road to attack users without facing any guards. To solve this, we’ll put some barbed fences along the road so malicious people can’t get to our users. These barbed fences are HTTPS. HTTPS encrypts the connection between the user and the website, so potential attackers can neither read nor modify the traffic. But sometimes attacks can come from the application itself, such as when there’s an XSS vulnerability. That’s where security headers are important. The more effort you put into client-side security, the safer that road will be for users.

Some common security headers include:

  • Content-Security-Policy (CSP): This header specifies which resources (such as images, scripts, and stylesheets) a browser is allowed to load for a particular web page. By using CSP, website owners can prevent cross-site scripting (XSS) attacks and other types of code injection attacks.
  • X-Content-Type-Options: This header prevents a browser from interpreting files as a different MIME type than what the server specifies. This can prevent attacks such as MIME sniffing.
  • X-Frame-Options: This header prevents clickjacking attacks by specifying whether a web page can be displayed within an iframe.
  • X-XSS-Protection: This header enables or disables the built-in cross-site scripting (XSS) filter in a browser.
  • Referrer-Policy: This header allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
  • Strict-Transport-Security: This header is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.

By using these headers, website owners can significantly improve the security of their web applications. In fact, many security researchers and organizations recommend that website owners implement a comprehensive set of security headers to reduce the risk of web-based attacks.
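To make the list above concrete, here is an added example (not ROBTEC's code or configuration) that audits a set of response headers for the six headers named and flags missing or weak values. The value checks and the sample response are assumptions chosen for illustration.

```python
import re

def _hsts_ok(value):
    # max-age=0 tells the browser to drop its HSTS entry, so treat it as weak.
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return bool(m) and int(m.group(1)) > 0

# Header name -> predicate on its value. These thresholds are this example's
# assumptions, not a standard or the host's policy.
CHECKS = {
    "content-security-policy": lambda v: "default-src" in v.lower() or "script-src" in v.lower(),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().lower() in ("deny", "sameorigin"),
    "x-xss-protection": lambda v: v.strip() != "",
    "referrer-policy": lambda v: v.strip().lower() not in ("", "unsafe-url"),
    "strict-transport-security": _hsts_ok,
}

def parse_headers(raw):
    """Parse 'Name: value' lines into a dict keyed by lower-cased header name."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return {header: 'ok' | 'weak' | 'missing'} for each header in CHECKS."""
    headers = parse_headers(raw)
    return {
        name: "missing" if name not in headers
        else ("ok" if check(headers[name]) else "weak")
        for name, check in CHECKS.items()
    }

# Constructed sample response (not captured from a real server).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Frame-Options: ALLOW-FROM https://example.com
Strict-Transport-Security: max-age=0
Referrer-Policy: strict-origin-when-cross-origin
"""

if __name__ == "__main__":
    for header, status in audit(SAMPLE).items():
        print(f"{header:28} {status}")
```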

There are many different types of security headers, each with their own specific purpose.

Here is an example of how to add the CSP header to a website:

 

Content-Security-Policy: default-src 'self'; script-src 'self' https://example.com; img-src 'self' https://example.com;

 

This example CSP header specifies that the website should only load resources from itself ('self') by default, but scripts and images can also be loaded from https://example.com.
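The following added example (not code from this page's author) evaluates the policy above against a few resource URLs, including the fallback to default-src for a directive the policy does not list. It is a simplified matcher that handles only 'self' and scheme-plus-host sources; the page URL and resource URLs are constructed.

```python
from urllib.parse import urlsplit

def parse_csp(policy):
    """Split a policy into {directive: [sources]}; a repeated directive is ignored."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives

def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    u = urlsplit(url)
    port = u.port or {"http": 80, "https": 443}.get(u.scheme)
    return (u.scheme, (u.hostname or "").lower(), port)

def allows(policy, directive, resource_url, page_url):
    """True if resource_url may load under `directive` for a page at page_url."""
    directives = parse_csp(policy)
    # A fetch directive that is absent falls back to default-src.
    sources = directives.get(directive, directives.get("default-src"))
    if sources is None:
        return True  # neither the directive nor default-src: not restricted
    for src in sources:
        if src.lower() == "'self'":
            if origin(resource_url) == origin(page_url):
                return True
        elif "://" in src and origin(src) == origin(resource_url):
            return True
    return False  # nothing matched (also covers 'none' and an empty list)

# The policy from the page, and a constructed page URL it is served with.
POLICY = ("default-src 'self'; script-src 'self' https://example.com; "
          "img-src 'self' https://example.com;")
PAGE = "https://shop.test/index.html"

if __name__ == "__main__":
    cases = [
        ("script-src", "https://example.com/app.js"),
        ("script-src", "https://cdn.other.test/app.js"),
        ("style-src", "https://example.com/site.css"),  # falls back to default-src
        ("img-src", "http://example.com/logo.png"),     # http does not match https
    ]
    for directive, url in cases:
        print(directive, url, allows(POLICY, directive, url, PAGE))
```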

Here is a screenshot of how the CSP header looks in the response header of a website:
