Just how much traffic can you generate using CSP?

on CSP | report-uri.io

The ability to send reports about violations of your CSP is a fantastic feature and allows you to monitor all kinds of issues on your site in real time. There are a few things that you need to consider about CSP reporting though and I'm going to cover them in…

Using security features to do bad things

on CSP | HSTS | HPKP | hsts-preload

We have quite a few security features at our disposal to help us better protect our websites and our visitors. I talk about them a lot on my blog and a few of them, mainly security headers, get a lot of coverage. Is it possible to use these security features…

Death by copy/paste

on HSTS | hsts-preload

I was writing up an article about using security features for bad things and I stumbled across something interesting. I found what turned out to be sites having used copy/paste configurations that could potentially brick their entire site for months. HSTS and preloading For those of you unfamiliar with…

Keep cyber criminals at bay, use 2FA!

on 2fa | 2sv

One of the easiest ways to better protect your online accounts is using something called 2FA, or 2 Factor Authentication. Don't worry, it's not difficult to set up or hard to use, but it will pretty much stop cyber criminals from being able to access your accounts! What is 2FA? 2FA is…

Should CDNs tighten up their security?

on CDN | HSTS | hsts-preload

I was doing some work on securityheaders.io the other day and I noticed something about the CDN that I use for some of my assets. They didn't use HSTS to enforce the use of HTTPS in compliant user agents, which I thought was a little odd. HTTP Strict…