As I sit and write this blog post I still find it absolutely unreal how far this little idea, that I had all of those years ago, has come! Let’s take a look back at the journey of Security Headers so far, and the journey ahead.
All the way back in Feb 2015, I was really starting to dig into the analysis of Security Headers on other sites and after getting bored of digging around in Dev Tools, I created a tool to make it easy for me. Outlined in my blog, Introducing SecurityHeaders.io, I launched the first version of the site, which looked very different to how it does today!
There was no scoring, no nice layout, it was simple and basic but it got the job done.
Less than a year later, though, in Dec 2015, I published Launching the new version of securityheaders.io, which introduced scoring for your A+ to F grade and the visuals that will be familiar with you today. The scoring was inspired by SSL Labs after I’d noticed how much people will ‘chase the grade’. If you tell someone they got a grade B, they almost naturally want to improve that, and I wanted to harness that same gamification that SSL Labs had for SSL configuration and put it to good use for Security Headers configurations!
Just a few months later and Security Headers made it to the front page of Hacker News and things really began to take off! It could have been the gamification of the grading, or just a friendly user sharing a link for us, but it resonated well with the community and we got a huge swell of support.
250,000 scans was a really big deal for me back then, and it’s pretty wild to think that we’ve added another 3 zeros since, but I had absolutely no idea that this was only the beginning!
Continuing To Grow
As the months and years ticked by, we continued to cross through some awesome milestones. As each one came and rolled by, I still couldn’t believe just how popular the site was becoming and the site seemed to be growing in popularity at a relentless pace.
Overnight we passed through 1,000,000 scans! 🎉🎉🎉 pic.twitter.com/lh6PR1Ds56— Security Headers (@securityheaders) July 8, 2016
Very quickly we hit 100,000,000 scans in Sep 2020 and I really felt like I’d made something to be proud of. One of the most notable memories I have around that time was of an old colleague and friend sharing a penetration test report with me that they’d received and in it, a screenshot from the Security Headers site!! Their guidance was that they needed to improve their HTTP Response Headers and Security Headers had established itself as such a reputable player in the industry, they were happy to refer to us as their proof with a grade F! If you’ve got any similar stories, or places that you’ve seen Security Headers linked or referenced, please let me know in the comments below, it’d be awesome to see.
In that very same month, we also announced our newest sponsor, Probely, who were one of only a few companies to ever come forwards and support this free tool used by so many. This sponsorship would turn out to be our longest standing, and most supportive, eventually culminating in an even larger announcement. The growth of the site continued and Security Headers added more powerful capabilities and became yet more popular. As the awareness around Cyber Security continued to rise, or as more people just shared a link to this free tool, the numbers grew and grew.
You can see the clear upward kick in our scan numbers from Feb 2019 onwards, and whilst I don’t know exactly what happened to cause that, it’s been a mega journey to see it not only grow the way it has, but to continue to maintain that growth too.
To The Future
Regular readers will know that just a few weeks back, I announced that Security Headers is joining Probely. That blog post outlines all of the details so you can head over there if you want the lowdown, but one of things that I said in that announcement was that Security Headers would live on exactly as you knew it before. And it has.
Security Headers is continuing to see the same rate of growth under Probely that it did previously and we’re currently working on things behind the scenes to make that even better. My previous blog post on Security Headers announced our new API so you can easily, and cheaply, automate the regular scanning of your websites and I’m also really happy to see great growth there too.
All in all, I couldn’t be more pleased with how things are working out for this little tool that I built to make my life a little easier and then decided to share with the World! Hopefully I’ll see you back here in 2024 for the 300,000,000 scans announcement 😎