If you wander around the exhibition floor of your favorite Information Security conference, you will certainly find companies that sell a security scorecard service for web applications and web sites in general. My first question to these folks is always “how do you score the sites?” In this handy article, Charlie Belmer explains the connection between HTTP Security Headers and Security Scorecard scores, and provides a convenient reference to HTTP Security Headers as well.

HTTP Security Headers – A Complete Guide