Ensuring Secure Configuration of your Headers

Toasty

I have built a site that audits the response headers of your web applications to determine if they are configured correctly. I still have a ways to go (for example, digging into CSP configuration a bit deeper).
Following this guide does a lot to reduce your risk profile being online. Anything from Cross Site Scripting to Resource Injection.
I don't host it with Abyss (my license expired some time ago), however I did want to share it with the folks who use the software.
I'm also hoping that the Aprelium Admin team can let me know which versions of Abyss are no longer supported officially. I'd like to add an EOL warning if we detect those so folks know it is time to upgrade. I already have this in place for IIS and Apache, and nginx will be there soon enough as well.
Anyways, here's the site. Would love to get some feedback.
https://secureheader.com/

admin

Toasty,
That's a great initiative and the tool looks promising.
Coincidentally, we've been working on an article based on https://nullsweep.com/http-security-headers-a-complete-guide/ to help with headers settings. But obviously, your solution is better that a simple article.
Regarding, the lapsed license, please get in touch with us in case you need renewing it.
Regarding the score, it would be better to be more tolerant with some use cases: for example sites which have no iframes for example and which (knowingly) do not include headers related to frames and their origin.
The above suggestion may require some deep crawling work on all the site and can justify a paid option for example. ;)
Regarding Abyss Web Server versions EOL, we usually continue to support all versions (email support) but of course we do not offer patches for older versions. It is safe to say that a version that is 1 year old is probably no more supported since its SSL libraries are probably very old and have security issues.