How I got an A+ on Mozilla Observatory

Implement those security headers with the magic of AWS Lambda@Edge

Last updated on Mar 6, 2023 AWS, Security
This page is currently WIP.

So this site is a statically generated blog, created using Hugo. It’s hosted on AWS using S3 and CloudFront. So with no webserver in play, it’s always fun to run it through security evaluation tools, like Mozilla’s Observatory!.

Unfortunately, a few weeks ago, when I ran it through Observatory, I got the following result:

Mozilla Observatory Failing Score
Mozilla Observatory Failing Score

This is obviously embarrassing for someone who focuses on security, and even though this blog has no reason for advanced security headers, I thought to myself, why shouldn’t it be an A+.

What are security headers?

Before we turn those red warning boxes into a more pleasant light green, let me give you a high-level overview of what these headers are, and why you should make sure to include them in your web properties.

Explain everything

Mozilla Observatory Passing Score
Mozilla Observatory Passing Score

Further Resources

AWS Security Serverless
Andy Dyrcz
Andy Dyrcz
Cyber Security Leader

My research interests include security, devops and privacy!