Free Post CSP I turned on CSP and all I got was this crappy lawsuit! Yes, you did read that right. It turns out that enabling CSP on your website, specifically CSP nonces, is enough for you to get threatening letters about patent infringement! I've...
Free Post Report URI Report URI Penetration Test In line with our constant desire to improve and offer the best service we can, Report URI recently went through an independent penetration test as many other companies and organisations...
Free Post Security Headers Top 1 Million Analysis - March 2020 It's time for another 6 month update on the state of security online that's a little late! This is the second report using the new data source that was announced...
Free Post Report URI Deprecating XSS Reports A lot has changed in the browser landscape recently and we've seen all of the mainstream browsers move away from running their own XSS Auditor or XSS Filter. Given this...
Free Post tls Big HTTPS changes coming in Chrome Chrome has certainly been one of the main contributors towards the recent push to HTTPS online and without their contribution, I do find myself wondering how much progress would have...
Free Post crawl Top 1 Million Analysis - September 2019 Yes, it's that time of year again and the last 6+ months have flown by. Time for a look at the state of security in the Top 1 Million sites...
Free Post CSP CSP nonces the easy way with Cloudflare Workers Everybody knows I'm a rather large fan of CSP and an even bigger fan of CSP reporting, but CSP can be hard. Part of my personal mission has been to...
Free Post Security Headers Security Headers Updates I've just deployed a few changes to Security Headers to bring it up to date with recent changes in the industry. Here are the details and how they might affect...
Free Post crawl Alexa Top 1 Million Analysis - February 2019 It's a little late but here it is! The analysis of the Alexa Top 1 Million sites for February of 2019. We have good news, increased numbers, new comparisons and...
Free Post HTTPS Here's how to do HTTPS with backwards compatibility I've seen this mentioned a few times now and I think it's time we had some solid facts on why this just isn't the case. Like many restrictions around deploying...
