Total 27 Posts

Demonstrating HPKP validation failures

I have a couple of subdomains on scotthelme.co.uk to show how good a TLS config can be and how bad a TLS config can be and still not attract any warnings in the browser. I'm now adding a third subdomain to demonstrate what happens when your HPKP policy…


Major update for report-uri.io

Over the weekend I finalised a major update for https://report-uri.io, my new CSP and HPKP violation reporting service. Designed to make setting up and using your CSP even easier, this update has now been pushed out to the live site. Here are the details. New branding The first…


Hardening your HTTP response headers

Following the recent announcement of my new service, https://securityheaders.io, I thought I'd cover some more of the security-based HTTP response headers out there and look at how to harden your existing HTTP response headers. Introduction HTTP Response headers are name-value pairs of strings sent back from a…
