Lack of HTTP Response Headers

CyberMatters does not produce HTTP security response headers!

According to Wikipedia:

HTTP header fields are components of the header section of request and response messages in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

In a security context there are a set of response headers that inform a web client (browser) about the security of the connection and content.

In the article “How widely used are security based HTTP response headers?” Scott Helme provides some good analysis of HTTP response headers and their role in security. His analysis then shows how poorly they are used across the top of 1 million web sites.

Does CyberMatters provide HTTPs response headers? Sadly not. It’s not a feature available from…

Security Headers image
[Click on the image to be able to read the code clearly]
(Courtesy of

Perhaps this is the issue. Many of the major web sites use Software as a Service platforms, and if these platforms don’t provide the capability, then the usage population will remain low.

If and a few other major platforms were to support it, I suspect the stats would suddenly look quite a bit better.

(The good news is now supports HTTPS – the way it does it is interesting – watch this space as to why…)