It's a little late but here it is! The analysis of the Alexa Top 1 Million sites for February of 2019. We have good news, increased numbers, new comparisons and more!The crawlI can't believe this is the 8th report I've done on the Alexa Top 1 Million and the…
Tag: CSP
Total 34 Posts
I've seen this mentioned a few times now and I think it's time we had some solid facts on why this just isn't the case. Like many restrictions around deploying HTTPS have recently bitten the dirt, backwards compatibility is also another one we can strike off the list.Recent advancementsOver…
We've seen a few notable news events this year along the same lines. Major websites have suffered serious breaches not because they were hacked, but because of a compromise in a 3rd party dependency. Two of the biggest stories involved targetted attacks on payment data, they were skimming credit card…
It's time! August 2018 represents the 7th time I've published a report of the Alexa Top 1 Million sites so let's get stuck in and see what changes have taken place over the last six months on the biggest sites on the web. Crawler data As always the data from…
I got a DM from a journalist called Jordan Pearson this evening and what started out as a quick comment for an article turned into an investigation of an ongoing issue. etherscan.io Etherscan is ranked as the 1,379th site in the world according to Alexa, so they're pretty…
Today I'm really excited to announce one of the first big steps that Report URI is taking towards making CSP even easier to use, deploy and maintain. With the introduction of the CSP Wizard, it's never been easier to create a CSP for your site. Setting up a CSP Until…
For a long time it's been difficult to set security headers when you use certain hosted solutions like Ghost Pro or GitHub Pages. All of that is about to change and you can now quickly and easily deploy any security header of your choosing and the best part, it might…
It's that time of year again! I'm really excited to publish the 6th installment of my Alexa Top 1 Million analysis so we can take a look over our progress on securing the web over the last 6 months. Previous Crawls It's hard to believe there are now 5 previous…
We saw a pretty big event take place over the weekend where a 3rd party provider was compromised and their JS library was altered. The alteration introduced a crypto mining script that was then subsequently included on over 4,000 websites that I know of, many of which were Government…
The most common way to set a Content Security Policy on your site is to deliver it as a HTTP response header, but that's not always possible. On hosted platforms like GitHub Pages, Ghost Pro or WordPress it's not always easy or even possible to set a HTTP response header.…
