Author

My name is Stefán Orri Stefánsson and I'm an electrical and computer engineer from Reykjavík, Iceland.

I currently work as a security architect at Islandsbanki. My main professional interest is web application security.

You can find me lurking on Twitter @stefan_orri or reach me by email.

HTTP Security Report's Background

HTTP Security Report's purpose is to spread knowledge about how web security can be improved by employing certain HTTP headers and hardening others.

This site was born out of my curiosity about why standard (and de facto standard) HTTP security headers were so seldom used. I looked around for online HTTP header analysis services but found none to my liking. In the end, I wrote a library to do header parsing and analysis. This website was an obvious by-product.

Of course, any metric assigned to security state, HTTP or otherwise, is subjective and debatable. So don't get hung up on the score; use the results as a tool to find the appropriate level of protection for your website.

Resources

Following is a collection of useful websites and tools.