Google’s John Mueller answered a question about security headers in the context of client technical SEO audits. Although he singled out one of the headers as having an SEO effect, many of the other security headers, if not used, can result in a negative SEO effect.
What Are Security Headers?
Security headers are instructions sent from web servers to browsers (HTTP directives). They tell browsers how to handle content securely and help protect against common web-based attacks like cross-site scripting, clickjacking, and malicious script injection.
Some examples of what security headers protect against:
- Data theft: Stealing sensitive user information
- Session hijacking: Stealing login sessions
- Man-in-the-middle attacks: Intercepting browser-server traffic
Which Security Headers Belong In An SEO Audit?
The person on Reddit asking the question wanted to know which security headers they should add in a technical SEO audit.
They asked:
“I wanted to conduct a full security header review audit for my website and some clients and I see csp, x frame, x content and permissions policy as important ones but are there any others that I should be potentially looking at?”
Google’s John Mueller responded that the X-Frame-Options security header was the one that might be useful in a technical SEO audit and gave a brief explanation why. His answer is actually a fairly common response but there is more to security headers and SEO than Mueller explained.
His response:
“The only security headers that I could imagine has an effect on SEO is blocking iframing by other sites, either with the old x-frame-options header, or the CSP frame-ancestors. Otherwise, from my understanding, the security headers are more about, well, security”
John Mueller is correct that the X-Frame-Options security header is the one that’s most directly relevant to SEO. But he leaves out the security headers that are indirectly related to SEO.
Why X-Frame-Options Security Header Is Relevant For SEO
The X-Frame-Options header has been around for almost twenty years but it’s still relevant today because it blocks other sites from using an iframe to display your site’s content. That’s why it’s useful to use this security header: it prevents other sites from ranking in Google with your content.
What’s The Deal With Security Headers?
There are six core security headers plus five more that are for specific use cases. Are they useful for SEO? In my opinion, yes, they are useful for SEO because getting hacked will cause a site to no longer rank for its keywords. So yes, some of the security headers should be a part of an SEO audit, just as a review of the WordPress plugins in use should be a part of it.
Non-Optional Security Headers
Strict-Transport-Security (HSTS)
This forces browsers to connect to the website with secure HTTPS connections.
X-Content-Type-Options
The nosniff directive in this security header helps prevent cross-site scripting (XSS). It’s not a total…