HTTP Security Headers Analysis of Several Macedonian Website Categories

• Published in: Computer science journal of Moldova Vol. 33; no. 1(97); pp. 3 - 29
• Main Authors: Mileva, Aleksandra, Bikov, Dushan, Tasheva, Bojana, Brashnarova, Aleksandra
• Format: Journal Article
• Language: English
• Published: Vladimir Andrunachievici Institute of Mathematics and Computer Science 01.04.2025
• Subjects: clickjacking; http security headers; mozilla observatory; websites security; xss
• ISSN: 1561-4042; 2587-4330; 2587-4330
• DOI: 10.56415/csjm.v33.01

The present research focuses on the security of Macedonian websites. It involves the analysis of HTTP Security header responses for 756 websites in the country, of which 246 are the most popular. This analysis is conducted across 13 different categories of websites, including government bodies and institutions, public institutions and enterprises, educational, commercial, news and media, entertainment, sports, etc. We intend to create a comprehensive security profile for the country's websites, which will help raise their overall security level. It is critical to understand and implement proper HTTP security headers to prevent or limit the dangers that can cause website attacks such as Denial of Service (DoS), Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection, clickjacking, etc. Our analysis was performed with the help of the Mozilla Observatory tool. We have discovered a significant lack of implementation and/or misconfiguration of HTTP security headers in all categories. Almost half of the websites (n=375; 49.60\%) have an F grade, while more than a quarter of all websites (n=214; 28.31\%) have a minimal security score of 0.