How I got an A+ on Mozilla Observatory
Implement those security headers with the magic of AWS Lambda@Edge
So this site is a statically generated blog, created using Hugo. It’s hosted on AWS using S3 and CloudFront. So with no webserver in play, it’s always fun to run it through security evaluation tools, like Mozilla’s Observatory!
Unfortunately, a few weeks ago, when I ran it through Observatory, I got the following result:
This is obviously embarrassing for someone who focuses on security, and even though this blog has no reason for advanced security headers, I thought to myself, why shouldn’t it be an A+?
What are security headers?
Before we turn those red warning boxes into a more pleasant light green, let me give you a high-level overview of what these headers are, and why you should make sure to include them in your web properties.