It's time for another 6 month update on the state of security online that's a little late! This is the second report using the new data source that was announced in the last report so we have some good comparisons to make when we take a look at the data.…
Tag: HPKP
Total 27 Posts
It's been an interesting ride over the last few years but HPKP, or HTTP Public Key Pinning, is finally coming to the end of its tenure. With support now gone in the last remaining browser, HPKP has been consigned to the scrap heap. HPKPI first wrote about HPKP back in…
Yes, it's that time of year again and the last 6+ months have flown by. Time for a look at the state of security in the Top 1 Million sites on the web! Here are the results, updates, trends and analysis for the progress we've made over the last 6…
It's a little late but here it is! The analysis of the Alexa Top 1 Million sites for February of 2019. We have good news, increased numbers, new comparisons and more! The crawlI can't believe this is the 8th report I've done on the Alexa Top 1 Million and the…
It's time! August 2018 represents the 7th time I've published a report of the Alexa Top 1 Million sites so let's get stuck in and see what changes have taken place over the last six months on the biggest sites on the web. Crawler data As always the data from…
For a long time it's been difficult to set security headers when you use certain hosted solutions like Ghost Pro or GitHub Pages. All of that is about to change and you can now quickly and easily deploy any security header of your choosing and the best part, it might…
It's that time of year again! I'm really excited to publish the 6th installment of my Alexa Top 1 Million analysis so we can take a look over our progress on securing the web over the last 6 months. Previous Crawls It's hard to believe there are now 5 previous…
I saw some research published at BlackHat EU recently that detailed various ways to bypass both HSTS and HPKP in a variety of mainstream browsers. It was a novel technique and seems like a viable attack vector to bypass them, which is a big problem because both HSTS and HPKP…
I recently came across the Prism JS syntax highlighting library whilst looking at a few options to spruce up my blog. I was very disappointed, though not at all surprised, that they didn't have support for my favourite security headers, so I added it. Prism JS The Prism JS library…
HTTP Public Key Pinning, or HPKP, has sure had an interesting journey as a standard but today marks what will probably be the final blow for the dying mechanism. Chrome has announced their plans to deprecate and remove support for HPKP as soon as 29th May 2018. What is HPKP?…
