Free Post CSP Top 1 Million Analysis - June 2022 Thanks to the sponsorship provided by Venafi for this post, we have another Top 1 Million Analysis just 6 months after the last one in November 2021! Let's take a...
Free Post Crawler Report Top 1 Million Analysis - November 2021 Wow! It's been quite a while since I've had time to do my regular analysis of security in the Top 1 Million site, but it's happening again! As it's been...
Free Post Security Headers Top 1 Million Analysis - March 2020 It's time for another 6 month update on the state of security online that's a little late! This is the second report using the new data source that was announced...
Free Post HPKP HPKP is no more! It's been an interesting ride over the last few years but HPKP, or HTTP Public Key Pinning, is finally coming to the end of its tenure. With support now gone...
Free Post crawl Top 1 Million Analysis - September 2019 Yes, it's that time of year again and the last 6+ months have flown by. Time for a look at the state of security in the Top 1 Million sites...
Free Post crawl Alexa Top 1 Million Analysis - February 2019 It's a little late but here it is! The analysis of the Alexa Top 1 Million sites for February of 2019. We have good news, increased numbers, new comparisons and...
Free Post crawl Alexa Top 1 Million Analysis - August 2018 It's time! August 2018 represents the 7th time I've published a report of the Alexa Top 1 Million sites so let's get stuck in and see what changes have taken...
Free Post Cloudflare Workers The brand new Security Headers Cloudflare Worker For a long time it's been difficult to set security headers when you use certain hosted solutions like Ghost Pro or GitHub Pages. All of that is about to change...
Free Post Security Headers Alexa Top 1 Million Analysis - February 2018 It's that time of year again! I'm really excited to publish the 6th installment of my Alexa Top 1 Million analysis so we can take a look over our progress...
Free Post HSTS Bypassing HSTS or HPKP in Chrome is a badidea I saw some research published at BlackHat EU recently that detailed various ways to bypass both HSTS and HPKP in a variety of mainstream browsers. It was a novel technique...
