[CSP] CSP reports now indicate their disposition!
Up until now we've had to rely on GET parameters to identify whether CSP reports were enforced or sent as part of a report-only policy. This added friction...

[CSP] CSP Nonce support in Nginx
Content Security Policy is an incredibly powerful security feature but in some circumstances it can be a little difficult to deploy. Removing inline scripts or styles often comes up as...

[CSP] Enforcing the use of SRI
Subresource Integrity is an awesome security feature that allows us to ensure that assets served by a CDN haven't been tampered with. Now, thanks to a new directive...

[CSP] Just how much traffic can you generate using CSP?
The ability to send reports about violations of your CSP is a fantastic feature and allows you to monitor all kinds of issues on your site in real time. There...

[CSP] Using security features to do bad things
We have quite a few security features at our disposal to help us better protect our websites and our visitors. I talk about them a lot on my blog and...

Alexa Top 1 Million Crawl - August 2016
It's been 6 months since my last crawl of the Alexa Top 1 Million so it's time to dust off my servers and fire them up...

The next major update for!
I've just pushed the next major update to and there are some great new features that I'm really excited to be launching! The...

[CSP] Security headers in the Alexa Top 1 Million
I did a scan of the Alexa Top 1 Million back in August 2015 and published the results for everyone to see. Having just completed another scan of the current...

[CSP] Micro-optimisation for fun!
I stumbled across what I assume is a performance optimisation being used by Twitter and wondered how much I could optimise my site using a similar principle. The changes would...

[CSP] Fixing mixed content with CSP
As more and more sites are migrating to HTTPS, one of the biggest problems that will need solving is tracking down all of your HTTP resources to avoid mixed content...