Free Post [Report URI] Introducing the CSP Wizard on Report URI
Today I'm really excited to announce one of the first big steps that Report URI is taking towards making CSP even easier to use, deploy and maintain. With...

Free Post [Cloudflare Workers] The brand new Security Headers Cloudflare Worker
For a long time it's been difficult to set security headers when you use certain hosted solutions like Ghost Pro or GitHub Pages. All of that is about...

Free Post [Security Headers] Alexa Top 1 Million Analysis - February 2018
It's that time of year again! I'm really excited to publish the 6th installment of my Alexa Top 1 Million analysis so we can take a...

Free Post [CSP] Protect your site from Cryptojacking with CSP + SRI
We saw a pretty big event take place over the weekend where a 3rd party provider was compromised and their JS library was altered. The alteration introduced a crypto mining...

Free Post [Report URI] Launching Report URI JS
The most common way to set a Content Security Policy on your site is to deliver it as an HTTP response header, but that's not always possible. On...

Free Post [CSP] Optimising Twitter's CSP header
I'm sat on a train right now and between bursts of WiFi connectivity I'm testing some code to parse a CSP header. Whilst looking for big...

Free Post [CSP] Malware hunting with CSP
I recently had some great fun using CSP in a way that I've been really excited to talk about. We are starting to utilise the full power of...

Free Post [CSP] Adding security headers to Prism JS
I recently came across the Prism JS syntax highlighting library whilst looking at a few options to spruce up my blog. I was very disappointed, though not at all surprised,...

Free Post [securityheaders.io] Alexa Top 1 Million Analysis - August 2017
It's time for the 5th instalment of my Alexa Top 1 Million scan and this time around there's another new metric in the data. Previous Crawls...

Free Post [CSP] CSP reports now indicate their disposition!
Up until now we've had to rely on GET parameters to identify whether CSP reports were enforced or sent as part of a report-only policy. This added friction...