Report URI: Introducing XSS Auditor reporting to Report URI
Whilst we already have support for CSP reports over at Report URI, there is another potential source of information about XSS attacks that may be attempted or happening on your...

Cloudflare Workers: The brand new Security Headers Cloudflare Worker
For a long time it's been difficult to set security headers when you use certain hosted solutions like Ghost Pro or GitHub Pages. All of that is about...

HTTPS: Debunking the fallacy that paid certificates are better than free certificates, and other related nonsense
Those that know me or have followed me online will know I'm a massive advocate of encryption on the web. One of my goals is to help encrypt...

Security Headers: When crawlers are hungry for porn...
I had a bit of a strange issue on Security Headers this week and at first I thought it was someone trolling me. Turns out it wasn't someone...

HTTPS: Do SSL warranties protect you? As much as rocks keep tigers away...
This post is the first of two that I will be publishing over the coming days to address a few concerns that seem to be rising in the wider community....

Security Headers: Alexa Top 1 Million Analysis - February 2018
It's that time of year again! I'm really excited to publish the 6th installment of my Alexa Top 1 Million analysis so we can take a...

HTTPS: Why we need to do more to reduce certificate lifetimes
In the early days of the encrypted web you could get certificates valid for any period of time. Long gone are those days and as more time goes by we...

nissan leaf: Analysing variations in EV efficiency
This blog is a break from the normal security focus of articles I write but I do have other interests outside of security! I drive an Electric Vehicle and one...

PKI: Are you ready for the Symantec distrust?
It's been common knowledge in the wider PKI community that Symantec, the Certificate Authority, is currently being distrusted and will soon cease to exist as a CA. My...

CSP: Protect your site from Cryptojacking with CSP + SRI
We saw a pretty big event take place over the weekend where a 3rd party provider was compromised and their JS library was altered. The alteration introduced a crypto mining...