A couple of months ago I announced some updates to securityheaders.io and the new sponsorship opportunities. 2 months on I've made some further updates on feedback and have a new sponsor to announce!
securityheaders.io
Regular readers will be aware of my free service, securityheaders.io, that analyses your HTTP response headers for security features like HSTS, HPKP, CSP and others.
Well, it's time to announce a new sponsor and some of the updates that I've done recently!
New sponsor
I'm really pleased to have Applause on board as a sponsor, they're helping to keep the service up and running and free for anyone to use to help improve security online. You can see their logo is now featured at the top of the page as the site sponsor.
As outlined on my sponsor page, they don't get access to any data from the service or anything like that, nor do they get any special treatment, they're simply providing financial support to help keep the service running because they're awesome! Please do check their site out to show some appreciation for their support. Whilst this was happening I also took the opportunity to sneak a couple of new features in.
Syntax highlighting
For those who have dealt with CSP and HPKP headers, you will appreciate how they can become quite the wall of text. To try and help alleviate the burden of looking through them I've added some syntax highlighting to the output.
For CSP the directives are now in bold so they stand out and are much easier to find in the output. I've also made known CSP keywords italic so they're easier to spot too. Behind the scenes there is also a little extra validation going on that was inspired by Chrome's behaviour and suggested as a feature request on GitHub. If you'd like to see a new feature or find a problem, please file a bug.
I've also taken a similar approach with HPKP and known directives will now be made bold to make policies easier to scan through.
Behind the scenes
There have been quite a number of small improvements behind the scenes that mostly will go unseen. I've made some tweaks to improve the scanner, laid the groundwork for some new security headers that are being announced soon (check back on my blog regularly for them) and fixed a couple of bugs reported through HackerOne. Nothing serious, just some minor defects, but I will be announcing more on the bounty program soon!
That's it for now, enjoy!