Now with Security Headers!

If all goes well, you’re now viewing this blog securely. Because nothing is more important than keeping your browsing of this blog safe from spying eyes.

I host this blog on AWS. It used to be served up directly from S3 static web hosting, but I’ve gotten all fancy and added:

  • AWS CloudFront support, which should make it faster, because CDN and edge caching
  • HTTPS
  • Security headers

I used a cool Chrome plugin called Caspr Enforcer to test the Content-Security-Policy header before inflicting it on my adoring audience.

Doing this was an excellent, informative exercise because I have a number of Internet-facing web applications that really need to be properly using security headers. It also highlighted my addiction to inline styles and scripts, which you really shouldn’t be using.
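One way to find the inline styles and scripts mentioned above before enforcing a policy, as an added example that is not code from this blog: a Python audit that lists markup a Content-Security-Policy would block. It assumes a policy with no `'unsafe-inline'`, nonces or hashes; the sample page and the `audit` helper are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample page (not taken from the blog) with typical inline content.
SAMPLE_HTML = """<!doctype html>
<html><head>
<link rel="stylesheet" href="/css/site.css">
<style>body { margin: 0 }</style>
<script src="/js/site.js"></script>
<script>console.log("inline")</script>
</head><body>
<p style="color: red" onclick="track()">Hello</p>
<a href="javascript:void(0)">menu</a>
<a href="/about">About</a>
</body></html>"""


class InlineAudit(HTMLParser):
    """Collects markup that a CSP without 'unsafe-inline' refuses to run or apply."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, directive, description)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        names = {name for name, _ in attrs}
        if tag == "script" and "src" not in names:
            self.findings.append((line, "script-src", "inline <script> block"))
        if tag == "style":
            self.findings.append((line, "style-src", "inline <style> block"))
        for name, value in attrs:
            if name.startswith("on"):  # event-handler attributes (name-prefix heuristic)
                self.findings.append((line, "script-src", f"{name} handler on <{tag}>"))
            elif name == "style":
                self.findings.append((line, "style-src", f"style attribute on <{tag}>"))
            elif name in ("href", "src") and (value or "").strip().lower().startswith("javascript:"):
                self.findings.append((line, "script-src", f"javascript: URL in {name} of <{tag}>"))


def audit(html):
    parser = InlineAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for line, directive, what in audit(SAMPLE_HTML):
        print(f"line {line}: {directive} would block {what}")
```

Each finding names the directive that would block it, so the list doubles as a to-do list for moving code into external `.js` and `.css` files.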

Thanks to my old friend Julian Bucknall, whose blog posts helped me through all of this.