Free Post | HSTS
Want to Encrypt All The Things? Firefox has you covered with HTTPS-Only Mode!
We are currently powering towards an encrypted Web and in recent years we've made tremendous progress on that journey. In the latest version of Firefox, a browser that's been at

Free Post | Security Headers
Top 1 Million Analysis - March 2020
It's time for another 6 month update on the state of security online that's a little late! This is the second report using the new data source that was announced

Free Post | HTTPS
Here's how to do HTTPS with backwards compatibility
I've seen this mentioned a few times now and I think it's time we had some solid facts on why this just isn't the case. Like many restrictions around deploying

Free Post | Cloudflare Workers
The brand new Security Headers Cloudflare Worker
For a long time it's been difficult to set security headers when you use certain hosted solutions like Ghost Pro or GitHub Pages. All of that is about to change

Free Post | Security Headers
Alexa Top 1 Million Analysis - February 2018
It's that time of year again! I'm really excited to publish the 6th installment of my Alexa Top 1 Million analysis so we can take a look over our progress

Free Post | HSTS
Bypassing HSTS or HPKP in Chrome is a badidea
I saw some research published at BlackHat EU recently that detailed various ways to bypass both HSTS and HPKP in a variety of mainstream browsers. It was a novel technique

Free Post | CSP
Adding security headers to Prism JS
I recently came across the Prism JS syntax highlighting library whilst looking at a few options to spruce up my blog. I was very disappointed, though not at all surprised,

Free Post | CSP
Using security features to do bad things
We have quite a few security features at our disposal to help us better protect our websites and our visitors. I talk about them a lot on my blog and

Free Post | HSTS
Death by copy/paste
I was writing up an article about using security features for bad things and I stumbled across something interesting. I found what turned out to be sites having used copy/

Free Post | CDN
Should CDNs tighten up their security?
I was doing some work on securityheaders.io the other day and I noticed something about the CDN that I use for some of my assets. They didn't use HSTS