It was a little over 3 years ago when I first launched securityheaders.io and it's come a long way since then. This update doesn't really change anything in the way the service works or what it does, but I thought it was time for a little refresh.


securityheaders.io

Since the site first went online in Feb 2015 it's been known as "securityheaders.io". The service has gone through quite a few changes since then to introduce new features, grading systems and updates with great success. Now though, it's moving domain.


securityheaders.com

As of this blog post the project is being renamed to "Security Headers" and it will be available at the brand new domain name: https://securityheaders.com/

As I said, this doesn't really change anything about how the site operates and of course all of the request to the old .io will be redirected to the equivalent page on the new .com address.


new-site


Other updates

Given the really low utilisation of the short URL service I introduced in July 2016 I've decided to discontinue it. The service requires its own server which requires maintenance and updates and Security Headers is running on a tight budget. The domain will continue to be redirected to the new site, but new short URLs will no longer be issued.


Upgrades

A change like this gave me a great opportunity to do some upgrades behind the scenes. I brought up new infrastructure running the latest Ubuntu 16.04.4 LTS, upgraded to PHP 7.2 and made a few other changes at the same time. This meant I could flip the DNS for the new domain over to the new servers and have no impact on availability.


Cloudflare

Another big change during this transition is that Security Headers is now sat behind Cloudflare. I have had issues with abusive traffic in the past and the service is run on a budget so any support I can get right now will be great. Cloudflare will take load off my origin and free up resources to provide a better service.


CSP

With the removal of Google Analytics from the site I have tightened up the CSP quite a bit. Check out our new CSP and let me know what you think!

https://securityheaders.com/?q=securityheaders.com&followRedirects=on


Sponsorship

Security Headers makes no money and I want it to remain free to everyone forever. To do this I have sponsors on the site and you can see Sophos is the current sponsor in the screenshot above. If you or your company would like to support the project then please do stop by our sponsor page and consider helping us out!