Free Post CSP Overriding HTTP Response Headers in Chrome Dev Tools There's a new feature in Chrome Dev Tools that's going to make it easier than ever to get started with Security Headers like Content Security Policy! Let's take a look...
Free Post HTTPS Goodbye, old friend 👋🔒 It's been a really long time coming, but, the end is finally here for the padlock icon in the address bar! 🔒🚫 A Long Road Wow, where do I start?! Whilst...
Free Post tls Big HTTPS changes coming in Chrome Chrome has certainly been one of the main contributors towards the recent push to HTTPS online and without their contribution, I do find myself wondering how much progress would have...
Free Post chrome URLs are hard, let's kill them We've seen a couple of changes in the Chrome UI recently and one of them attracted some pretty fierce criticism online rather quickly. With the removal of some of the...
Free Post HTTPS Hacking Chrome to Look More Awesome! I've been playing around with a few of the 'hidden' flags in the Chrome browser and I've come up with a selection of settings that I think really improve the...
Free Post chrome Chrome to the future We recently saw the release of Chrome 68 which brought with it a default 'Not Secure' warning on all HTTP pages. This change appears to have come as a surprise...
Free Post HTTP One small step for a browser, one giant leap for web security! With the release of Chrome 68 we're seeing a fundamental shift in our expectations of security on the Web, we will now see the 'Not Secure' warning present on all...
Free Post chrome Adding Expect-CT and Expect-Staple entries to the HSTS Preload List Two of the new reporting features in https://report-uri.com currently require additions to the HSTS Preload List in Chromium. Here's a quick guide on how to request your site...
Free Post PKI Are you ready for the Symantec distrust? It's been common knowledge in the wider PKI community that Symantec, the Certificate Authority, is currently being distrusted and will soon cease to exist as a CA. My worry is...
Free Post HSTS Bypassing HSTS or HPKP in Chrome is a badidea I saw some research published at BlackHat EU recently that detailed various ways to bypass both HSTS and HPKP in a variety of mainstream browsers. It was a novel technique...
Follow