Website Security Guide
Everything you need to secure your website
Why Website Security?
Every website deserves to be secure. Whether you run a small blog or a large webshop, website security is essential to protect your visitors and yourself against attacks, data breaches, and malware. This guide helps you secure your website step by step.
The Tools: Website & Email Security
Start by testing your website AND email server with these free tools:
1. SecurityHeaders.nl - Test your HTTP Security Headers
What are Security Headers? HTTP Security Headers are instructions your website gives to browsers to activate certain security measures. They protect against common attacks like XSS, clickjacking, and code injection. How to use:
- Go to securityheaders.nl
- Enter your website URL
- Check your score (A++ is perfect, F means lots of work)
- Read the recommendations for each missing header
- Implement the headers on your server (see guides below)
2. CheckTLS.nl - Test your SSL/TLS Configuration
What is TLS/SSL? TLS (formerly SSL) is the technology that makes HTTPS possible - the padlock in your browser. It encrypts all communication between your website and your visitors, so nobody can eavesdrop or modify data. How to use:
- Go to checktls.nl
- Enter your domain (without https://)
- Wait while testssl.sh performs a thorough scan
- Check the results: green items are good, red items need attention
- Fix vulnerabilities using the guides
Email Server Security
For a 100% score on Internet.nl, your email server must also be secure:
3. CheckTLS.com - Test your Email Server TLS
What does CheckTLS.com test? CheckTLS.com tests the TLS security of your EMAIL SERVER (SMTP, IMAP, POP3) - NOT your website! It checks if emails are sent and received securely. How to use:
- Go to checktls.com (NOTE: .COM not .NL!)
- Enter your MAIL SERVER (e.g. mail.yourdomain.com)
- Test SMTP (port 25/587), IMAP (port 993), and POP3 (port 995)
- Check TLS versions, cipher suites, and certificates
- Fix issues for Internet.nl mail test
4. LearnDMARC.com - Email Authentication
What does LearnDMARC.com test? LearnDMARC.com checks your SPF, DKIM, and DMARC DNS records. These prevent others from sending emails as if they come from your domain (spoofing). Essential for Internet.nl! How to use:
- Go to learndmarc.com
- Enter your domain
- Check SPF record (who can send email)
- Check DKIM (email signing)
- Check DMARC policy (what to do on failure)
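The checks LearnDMARC.com runs on your SPF and DMARC records can be reproduced locally once you have the TXT records in hand. The script below is an added example written for this guide, not code from LearnDMARC.com or ComputerBas; the records it inspects are constructed samples for a placeholder domain, and the finding thresholds (the 10-lookup SPF limit, the expectation of a strict "all" qualifier and a reporting address) are the ones the tools above grade against.

```python
"""Parse SPF and DMARC TXT records and flag the weaknesses the email checks
in this guide look for. All records below are constructed samples, not real
DNS data for any domain."""

# SPF mechanisms and modifiers that cost a DNS lookup (RFC 7208 caps these at 10).
SPF_LOOKUP_MECHANISMS = ("include", "a", "mx", "ptr", "exists", "redirect")


def check_spf(record):
    """Return a list of findings for an SPF TXT record; empty means it looks sound."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    findings = []
    lookups = 0
    all_qualifier = None
    for term in terms[1:]:
        t = term.lower()
        qualifier = "+"                       # implicit qualifier is "pass"
        if t[0] in "+-~?":
            qualifier, t = t[0], t[1:]
        # mechanism name is what precedes ":" (mechanisms) or "=" (modifiers)
        name = t.split(":", 1)[0].split("=", 1)[0]
        if name in SPF_LOOKUP_MECHANISMS:
            lookups += 1
        if name == "ptr":
            findings.append("ptr mechanism is deprecated and slow; remove it")
        if name == "all":
            all_qualifier = qualifier
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup mechanisms exceed the limit of 10 (permerror)")
    if all_qualifier is None:
        findings.append("no 'all' mechanism; unlisted senders are implicitly allowed")
    elif all_qualifier == "+":
        findings.append("'+all' allows anyone to send as this domain")
    elif all_qualifier == "?":
        findings.append("'?all' is neutral; use ~all or -all")
    return findings


def parse_dmarc(record):
    """Return the tag dict of a DMARC record, or None if it is not one."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else None


def check_dmarc(record):
    """Return a list of findings for a DMARC TXT record; empty means it looks sound."""
    tags = parse_dmarc(record)
    if tags is None:
        return ["not a DMARC record (must start with v=DMARC1)"]
    findings = []
    policy = tags.get("p")
    if policy is None:
        findings.append("missing required p= tag")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua= address; you will receive no aggregate reports")
    pct = tags.get("pct", "100")
    if pct != "100":
        findings.append(f"pct={pct} applies the policy to only part of the mail")
    return findings


# Constructed sample records (example.com / example.net are documentation domains).
SAMPLES = {
    "weak_spf": "v=spf1 include:_spf.example.net a mx ptr ?all",
    "good_spf": "v=spf1 ip4:192.0.2.10 include:_spf.example.net -all",
    "weak_dmarc": "v=DMARC1; p=none",
    "good_dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100",
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        checker = check_spf if "spf" in label else check_dmarc
        print(label, "->", checker(record) or "OK")
```

To use it on your own domain, fetch the TXT records for `yourdomain` and `_dmarc.yourdomain` (for example with `dig TXT`) and pass each string to the matching function; a clean result on both is what a passing Internet.nl mail test expects, and the DKIM public key is a separate record per selector that this script does not inspect.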
Your Security Roadmap
Follow these steps to fully secure your website:
Step 1: Ensure HTTPS
Without HTTPS, your website is fundamentally insecure. All data travels unencrypted over the internet. → See guide: Installing SSL/TLS Certificates
Step 2: Configure Security Headers
Implement the most important headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options. → See guide: HTTP Security Headers Configuration
Step 3: Harden your Server
Secure your underlying server: firewall, SSH, updates, minimal services. → See guide: Debian 12 Server Security Hardening
Step 4: Email Security
If you send email, implement SPF, DKIM, and DMARC to prevent spoofing. → See guide: Postfix with SPF, DKIM, DMARC
Step 5: Test and Monitor
Use the tools regularly to check and maintain your security. → Test with: SecurityHeaders.nl, CheckTLS.nl, SSL Labs, Internet.nl
Most Important Security Headers
Every website must have these headers:
- Strict-Transport-Security (HSTS): forces HTTPS and prevents downgrade attacks. Priority: CRITICAL
- Content-Security-Policy (CSP): prevents XSS attacks by determining which sources may be loaded. Priority: HIGH
- X-Frame-Options: protects against clickjacking by blocking embedding in frames. Priority: HIGH
- X-Content-Type-Options: prevents MIME-type sniffing attacks. Priority: MEDIUM
- Referrer-Policy: controls which information is shared via the Referer header. Priority: MEDIUM
- Permissions-Policy: controls access to browser features (camera, microphone, etc.). Priority: MEDIUM
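A scanner such as SecurityHeaders.nl does little more than fetch your home page and compare the response headers against a list like the one above. The script below is an added example written for this guide, not code from SecurityHeaders.nl or ComputerBas: it grades a set of response headers against the six headers listed, flags the weak values a scanner would also flag (a short HSTS max-age, a CSP that allows unsafe-inline), and prints a suggested value for each missing header. The sample response, the suggested values and the simple letter grade are assumptions of this example.

```python
"""Grade a set of HTTP response headers against the six headers this guide
names. The response headers below are a constructed sample, not captured from
any real site, and the suggested values are common safe defaults chosen for
this example."""

# Header name -> priority, as ranked in the guide.
REQUIRED_HEADERS = {
    "strict-transport-security": "CRITICAL",
    "content-security-policy": "HIGH",
    "x-frame-options": "HIGH",
    "x-content-type-options": "MEDIUM",
    "referrer-policy": "MEDIUM",
    "permissions-policy": "MEDIUM",
}

# Suggested starting values (assumption of this example; tune CSP to your site).
RECOMMENDED = {
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "content-security-policy": "default-src 'self'; frame-ancestors 'none'",
    "x-frame-options": "DENY",
    "x-content-type-options": "nosniff",
    "referrer-policy": "strict-origin-when-cross-origin",
    "permissions-policy": "camera=(), microphone=(), geolocation=()",
}

ONE_YEAR = 31536000  # seconds; the HSTS max-age most scanners expect


def parse_directives(value):
    """Split a 'name=value; flag' style header value into a lowercase dict."""
    out = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            out[name.strip().lower()] = val.strip()
    return out


def check_headers(headers):
    """Return a list of (priority, message) findings; an empty list means clean.
    headers: dict of response header name -> value, any letter case."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, prio in REQUIRED_HEADERS.items():
        if name not in h:
            findings.append((prio, f"missing {name}; suggested: {RECOMMENDED[name]}"))
    if "strict-transport-security" in h:
        directives = parse_directives(h["strict-transport-security"])
        try:
            max_age = int(directives.get("max-age", "0"))
        except ValueError:
            max_age = 0
        if max_age < ONE_YEAR:
            findings.append(("CRITICAL", f"HSTS max-age {max_age} is below one year"))
    if "content-security-policy" in h:
        csp = h["content-security-policy"]
        if "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
            findings.append(("HIGH", "CSP allows unsafe-inline/unsafe-eval, weakening XSS protection"))
        if "default-src" not in csp:
            findings.append(("HIGH", "CSP has no default-src fallback"))
    if "x-content-type-options" in h and h["x-content-type-options"].lower() != "nosniff":
        findings.append(("MEDIUM", "X-Content-Type-Options should be 'nosniff'"))
    return findings


def grade(findings):
    """Letter grade for this example: A when clean, else set by the worst finding."""
    for prio, letter in (("CRITICAL", "F"), ("HIGH", "D"), ("MEDIUM", "C")):
        if any(f[0] == prio for f in findings):
            return letter
    return "A"


# Constructed sample response: HTTPS is on, but the policy headers are half done.
SAMPLE_RESPONSE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    results = check_headers(SAMPLE_RESPONSE_HEADERS)
    for prio, msg in results:
        print(f"[{prio}] {msg}")
    print("grade:", grade(results))
```

Against the sample the script reports five findings and grades it F, driven by the 300-second HSTS max-age; feeding it `RECOMMENDED` itself comes back clean. To check a live site, build the dict from the headers of a real response (for example `dict(urllib.request.urlopen(url).headers)`) and pass it to `check_headers`.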
Detailed Guides
All step-by-step implementation guides:
- Debian 12 Server Setup & Hardening
- SSH Secure Configuration
- Installing SSL/TLS Certificates
- Implementing Security Headers
- Email Server Security
- Firewall Configuration
- → View all guides in the documentation section
Additional Resources & Tools
Other valuable security testing platforms:
- SSL Labs - The gold standard for SSL/TLS testing - ssllabs.com
- Mozilla Observatory - Comprehensive website security scans - observatory.mozilla.org
- ImmuniWeb - Professional security testing - immuniweb.com
- Internet.nl - Dutch standard for modern internet - internet.nl
- SecurityHeaders.com - The original security header scanner - securityheaders.com
Need Help?
Having trouble?
- Consult the documentation
- Test your website with the testlab environment
"Security is not a one-time task, but a continuous process. Start today, improve every day."
This guide is part of the ComputerBas mission to make website security accessible to everyone.
Last updated: 23/12/2025