Free Post HSTS Migrating from HTTP to HTTPS? Ease the pain with CSP and HSTS! The Chrome Security Team have just announced that they're removing the yellow warning triangle from pages with mixed content. From now on, these pages will show with the...
Free Post CSP Hardening the CSP on report-uri.io It's pretty easy to get a basic CSP setup and issued on your site, but tightening up the policy can be tricky. To benefit from protection against XSS...
Free Post CSP Safari doesn't like CSP I've recently hit a few bumps with Safari whilst implementing an improved CSP on report-uri.io [https://report-uri.io]. This blog post is to outline the issues I...
Free Post HSTS How widely used are security based HTTP response headers? With my recent interest in security based HTTP headers like CSP and HPKP following the launch of my new service report-uri.io [https://report-uri.io], I found myself wondering just...
Free Post CSP Major update for report-uri.io Over the weekend I finalised a major update for https://report-uri.io, my new CSP and HPKP violation reporting service. Designed to make setting up and using your CSP even...
Free Post CSP Combat ad-injectors with CSP and report-uri.io A lot of people dislike adverts on websites but I'm pretty sure that everyone hates adverts that are a result of malware, ad-injectors or malicious browser extensions. Ad-injectors...
Free Post CSP CSP and HPKP violation reporting with report-uri.io After writing about both CSP and HPKP, I covered the report-uri directive that allowed a browser to send reports back to the host if their security policy was breached. Whilst...
Free Post HSTS Hardening your HTTP response headers Following the recent announcement of my new service, https://securityheaders.io, I thought I'd cover some more of the security based HTTP response headers out there and look at how to harden your existing HTTP response headers. Introduction HTTP Response headers are...
Free Post HSTS Introducing SecurityHeaders.io After looking around for a quick and easy way to analyse the HTTP response headers of websites, I regularly found myself looking in Chrome Dev Tools. This isn't...
Free Post CSP Content Security Policy - An Introduction Content Security Policy is delivered via a HTTP response header, much like HSTS, and defines approved sources of content that the browser may load. It can be an effective countermeasure...