[securityheaders.io] New grading on securityheaders.io
I recently wrote about how I'm giving up on HPKP and as part of that blog post I suggested I may change the grading criteria on securityheaders.io. After listening

[securityheaders.io] Alexa Top 1 Million Analysis - August 2017
It's time for the 5th instalment of my Alexa Top 1 Million scan and this time around there's another new metric in the data. Previous Crawls I've done 4 previous

[HPKP] I'm giving up on HPKP
HTTP Public Key Pinning is a very powerful standard that allows a host to instruct a browser to only accept certain public keys when communicating with it for a given

[CSP] Using security features to do bad things
We have quite a few security features at our disposal to help us better protect our websites and our visitors. I talk about them a lot on my blog and

[securityheaders.io] Alexa Top 1 Million Crawl - August 2016
It's been 6 months since my last crawl of the Alexa Top 1 Million so it's time to dust off my servers and fire them up again! Here's my latest

[report-uri.io] The next major update for report-uri.io!
I've just pushed the next major update to https://report-uri.io and there are some great new features that I'm really excited to be launching! The service has come a

[CSP] Security headers in the Alexa Top 1 Million
I did a scan of the Alexa Top 1 Million back in August 2015 and published the results for everyone to see. Having just completed another scan of the current

[Let's Encrypt] Getting started with Let's Encrypt!
Let's Encrypt, the brand new and free Certificate Authority (CA), is now in public beta and I've just switched over to start using their certificates along with auto-renewal. No more

[HPKP] Guidance on setting up HPKP
Having recently released my HPKP toolset, I thought I'd give some guidance on the various ways you can set up HPKP and the benefits and drawbacks of each. HTTP Public Key

[HPKP] The HPKP toolset!
HPKP is an incredibly powerful response header that allows you to whitelist the fingerprints of specific cryptographic identities. This offers you protection against a rogue Certificate Authority issuing a certificate