HTTP Security Headers: Football Clubs Put to the Test

After checking out a great article, by developer and football fan Daniel Mcilroy, we were surprised to see how poorly so many football club websites fare on some fundamental security parameters.

Using a freely available tool Daniel put the Premier League club websites to the test to see how many of them had implemented HTTP security headers – best practice when it comes to keeping a website secure.

There is, as he points out, one clear winner in West Ham United – a club website that we are proud to have recently designed and developed in close collaboration with the club’s forward-thinking digital team. It was the only website to achieve the A rating, way ahead of most of the rest of the league.

Championship Clubs’ Results

We were curious – if only an Other Media-crafted website could hit the A-grade in the Premier League then how does the Championship, where more and more clubs are taking control of their digital fan experience, look:

Cardiff City* A
Peterborough United* A
Swansea City* A
West Bromwich Albion* A
AFC Bournemouth D
Barnsley D
Blackburn Rovers D
Blackpool D
Bristol City D
Coventry City D
Derby County D
Huddersfield Town D
Hull City D
Luton Town D
Middlesbrough D
Millwall D
Nottingham Forest D
Preston North End D
Reading D
Sheffield United D
Stoke City D
Birmingham City F
Fulham F

*these teams all have one thing in common – they chose to work with a team that not only cares about how a website looks and performs for the user but also takes security seriously.

What are HTTP security headers?

When a user tries to access a web page the browser requests it from a web server. The server then responds with the content and HTTP response headers (including security headers) instruct the browser how to handle the web page’s content.

Why do they matter?

The security headers contain data that ensure your website behaves as you intend. For example by implementing the Strict-Transport-Security header you force the browser to communicate solely over HTTPS (a secure, protected connection between the user and your website).

These headers therefore help to mitigate against attacks and security vulnerabilities and you shouldn’t be without them.

It’s also worth noting that they can positively impact SEO, so anyone creating content for their website will want to know that they have these features implemented.

Cyber Essentials – for your security

When working with any organisation that handles anything digital you can look for the Cyber Essentials badge (often in a website’s footer, like ours). This is a government-backed scheme that ensures organisations meet strict cyber security standards in order to display the Cyber Essentials accreditation. We strongly advise anyone, from football clubs to footwear vendors, to talk to their digital development team about the security measures that they follow.


Trusted Design & Development

Drop us a line to discuss how we can help you deliver a digital experience that not only looks good and performs beautifully but is equally every bit as secure as you need it to be.

Get in Touch