HPKP - Scott Helme (Page 2)

Adding security headers to Prism JS

I recently came across the Prism JS syntax highlighting library whilst looking at a few options to spruce up my blog. I was very disappointed, though not at all surprised,...

Free Post

HPKP

The death knell for HPKP?

HTTP Public Key Pinning, or HPKP, has sure had an interesting journey as a standard but today marks what will probably be the final blow for the dying mechanism. Chrome has announced [https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ]...

Free Post

securityheaders.io

New grading on securityheaders.io

I recently wrote about how I'm giving up on HPKP and as part of that blog post I suggested I may change the grading criteria on securityheaders.io. After listening...

Alexa Top 1 Million Analysis - August 2017

Free Post

securityheaders.io

Alexa Top 1 Million Analysis - August 2017

It's time for the 5th instalment of my Alexa Top 1 Million scan and this time around there's another new metric in the data. Previous Crawls I've done 4 previous...

Free Post

HPKP

I'm giving up on HPKP

HTTP Public Key Pinning is a very powerful standard that allows a host to instruct a browser to only accept certain public keys when communicating with it for a given...

Using security features to do bad things

Free Post

CSP

Using security features to do bad things

We have quite a few security features at our disposal to help us better protect our websites and our visitors. I talk about them a lot on my blog and...

Free Post

securityheaders.io

Alexa Top 1 Million Crawl - August 2016

It's been 6 months since my last crawl of the Alexa Top 1 Million so it's time to dust off my servers and fire them up again! Here's my latest...

Free Post

report-uri.io

The next major update for report-uri.io!

I've just pushed the next major update to https://report-uri.io and there are some great new features that I'm really excited to be launching! The service has come a...

Security headers in the Alexa Top 1 Million

Free Post

CSP

Security headers in the Alexa Top 1 Million

I did a scan of the Alexa Top 1 Million back in August 2015 and published the results for everyone to see. Having just completed another scan of the current...

Free Post

Let's Encrypt

Getting started with Let's Encrypt!

Let's Encrypt [https://letsencrypt.org/], the brand new and free Certificate Authority (CA), is now in public beta and I've just switched over to start using their certificates along with...