Ensure secured connections with HSTS (HTTP Strict Transport Security)

Our regular readers already know that HTTPS is now a requirement for any websites. The urge to get rid of unsecured navigation has never been stronger: each release of Google Chrome or Mozilla Firefox comes with a new warning sign for users sharing private data. Soon, all forms will be concerned.

But offering an HTTPS version of your website is not enough to automatically redirect all your HTTP traffic to this secured version. Continue reading

Secure your cookies to the next level with SameSite attribute

After reading our last article about how to secure your cookies, you may (should?) already be using Secure and HttpOnly flags. As a reminder, ‘Secure’ allows to prevent a cookie to be sent on a non-secure web page, whereas ‘HttpOnly’ prevents any client-side usage of a given cookie.
It is now time to take your website security to the next level with one more attribute for your cookies! Let’s talk about SameSite instruction, allowing to prevent Cross-Site Request Forgery (CSRF) attacks and Cross-Site Script Inclusion (XSSI). Continue reading

Website Performance Benchmark: brand-new comparison reports on Dareboost

The first version of our comparison tool has been released about 18 months ago. We’re very glad today to announce a significant upgrade of this feature, now allowing to compare up to 12 web pages at a same time (against only 2 before). Another improvement comes with the charts of groups for monitored pages, giving access to comparison report by clicking any dot on the chart! Continue reading