We have quite a few security features at our disposal to help us better protect our websites and our visitors. I talk about them a lot on my blog and a few of them, mainly security headers, get a lot of coverage. Is it possible to use these security features…
Tag: HSTS
Total 17 Posts
I was writing up an article about using security features for bad things and I stumbled across something interesting. I found what turned out to be sites having used copy/paste configurations that could potentially brick their entire site for months. HSTS and preloading For those of you unfamiliar with…
I was doing some work on securityheaders.io the other day and I noticed something about the CDN that I use for some of my assets. They didn't use HSTS to enforce the use of HTTPS in compliant user agents, which I thought was a little odd. HTTP Strict Transport…
It's been 6 months since my last crawl of the Alexa Top 1 Million so it's time to dust off my servers and fire them up again! Here's my latest observations of security on the top 1 million sites on the Web. What I'm looking for I use these crawls…
My registrar had an offer on domains so I figured I'd grab one and test out the HSTS preload process as it currently stands. I want to track how easy it is to preload and how long it takes for full browser coverage in vendor preload lists. What's preloading? HSTS,…
