Free Post HSTS Death by copy/paste I was writing up an article about using security features for bad things and I stumbled across something interesting. I found what turned out to be sites having used copy/...
Free Post CDN Should CDNs tighten up their security? I was doing some work on securityheaders.io [https://securityheaders.io] the other day and I noticed something about the CDN that I use for some of my assets. They...
Free Post securityheaders.io Alexa Top 1 Million Crawl - August 2016 It's been 6 months since my last crawl of the Alexa Top 1 Million so it's time to dust off my servers and fire them up again! Here's my latest...
Free Post HSTS Testing the HSTS preload process My registrar had an offer on domains so I figured I'd grab one and test out the HSTS preload process as it currently stands. I want to track how easy...
Free Post CSP Security headers in the Alexa Top 1 Million I did a scan of the Alexa Top 1 Million back in August 2015 and published the results for everyone to see. Having just completed another scan of the current...
Free Post HSTS Migrating from HTTP to HTTPS? Ease the pain with CSP and HSTS! The Chrome Security Team have just announced that they're removing the yellow warning triangle from pages with mixed content. From now on, these pages will show with the same neutral,...
Free Post HSTS How widely used are security based HTTP response headers? With my recent interest in security based HTTP headers like CSP and HPKP following the launch of my new service report-uri.io [https://report-uri.io], I found myself wondering just...
Free Post HSTS Hardening your HTTP response headers Following the recent announcement of my new service, https://securityheaders.io, I thought I'd cover some more of the security based HTTP response headers out there and look at how to harden your existing HTTP response headers. Introduction HTTP Response headers are name-value pairs...
Free Post HSTS Introducing SecurityHeaders.io After looking around for a quick and easy way to analyse the HTTP response headers of websites, I regularly found myself looking in Chrome Dev Tools. This isn't the most...
Free Post HSTS HSTS Preloading HSTS is the great little response header that tells a browser to always use SSL/TLS to communicate with your site. It doesn't matter if the user, or a link they are clicking, specifies HTTP, HSTS will remove the ability for a compatible browser...
