Free Post CSP Fixing mixed content with CSP As more and more sites are migrating to HTTPS, one of the biggest problems that will need solving is tracking down all of your HTTP resources to avoid mixed content...
Free Post HSTS Migrating from HTTP to HTTPS? Ease the pain with CSP and HSTS! The Chrome Security Team have just announced that they're removing the yellow warning triangle from pages with mixed content. From now on, these pages will show with the...
Free Post CSP Hardening the CSP on report-uri.io It's pretty easy to get a basic CSP setup and issued on your site, but tightening up the policy can be tricky. To benefit from protection against XSS...
Free Post CSP Safari doesn't like CSP I've recently hit a few bumps with Safari whilst implementing an improved CSP on report-uri.io [https://report-uri.io]. This blog post is to outline the issues I&...
Free Post HSTS How widely used are security based HTTP response headers? With my recent interest in security based HTTP headers like CSP and HPKP following the launch of my new service report-uri.io [https://report-uri.io], I found myself wondering just...
Free Post CSP Major update for report-uri.io Over the weekend I finalised a major update for https://report-uri.io, my new CSP and HPKP violation reporting service. Designed to make setting up and using your CSP even...
Free Post CSP Combat ad-injectors with CSP and report-uri.io A lot of people dislike adverts on websites but I'm pretty sure that everyone hates adverts that are a result of malware, ad-injectors or malicious browser extensions. Ad-injectors...
Free Post CSP CSP and HPKP violation reporting with report-uri.io After writing about both CSP and HPKP, I covered the report-uri directive that allowed a browser to send reports back to the host if their security policy was breached. Whilst...
Free Post HSTS Hardening your HTTP response headers Following the recent announcement of my new service, https://securityheaders.io, I thought I'd cover some more of the security based HTTP response headers out there and look at how to harden your existing HTTP response headers. Introduction HTTP Response headers are...
Free Post HSTS Introducing SecurityHeaders.io After looking around for a quick and easy way to analyse the HTTP response headers of websites, I regularly found myself looking in Chrome Dev Tools. This isn't...
Follow