Monitoring HTTP/2 usage in the wild (tag: HTTP/2)
Having recently enabled HTTP/2 support [https://scotthelme.co.uk/tag/http-2/] on my blog, I was curious to see just how many of my visitors would be using the...

Supporting HTTP/2 with NginX (tag: HTTP/2)
My blog now features HTTP/2 support thanks to the latest version of NginX. I'm going to walk through how to build the latest version of NginX and enable HTTP/2 support on your own server. Install the latest version At the...

Further improvements to report-uri.io (tag: report-uri.io)
I've just pushed another update to https://report-uri.io that brings quite a few new features and improvements. This update brings about the second significant set of changes...

Migrating from HTTP to HTTPS? Ease the pain with CSP and HSTS! (tag: HSTS)
The Chrome Security Team have just announced that they're removing the yellow warning triangle from pages with mixed content. From now on, these pages will show with the...

HTTP/2 is here! (tag: HTTP/2)
After more than 15 years of living with HTTP/1.1 we can finally start to enjoy the benefits of HTTP/2! As an early adopter I've taken a look at some of the key improvements in HTTP/2 and how we...

Hardening the CSP on report-uri.io (tag: CSP)
It's pretty easy to get a basic CSP setup and issued on your site, but tightening up the policy can be tricky. To benefit from protection against XSS...

Subresource Integrity: Securing CDN loaded assets (tag: SRI)
Most sites on the Internet these days load some kind of content from a CDN, usually JS and CSS. Whilst this comes with great performance boosts and savings on bandwidth, we're trusting that CDN to load content into our pages, content that...

Safari doesn't like CSP (tag: CSP)
I've recently hit a few bumps with Safari whilst implementing an improved CSP on report-uri.io [https://report-uri.io]. This blog post is to outline the issues I...

Guidance on setting up HPKP (tag: HPKP)
Having recently released my HPKP toolset [https://scotthelme.co.uk/hpkp-toolset/], I thought I'd give some guidance on the various ways you can set up HPKP and the benefits...

The HPKP toolset! (tag: HPKP)
HPKP is an incredibly powerful response header that allows you to whitelist the fingerprints of specific cryptographic identities. This offers you protection against a rogue Certificate Authority issuing a certificate...