I was writing up an article about using security features for bad things and I stumbled across something interesting. I found what turned out to be sites having used copy/paste configurations that could potentially brick their entire site for months. HSTS and preloading For those of you unfamiliar with…
Tag: HSTS
Total 21 Posts
I was doing some work on securityheaders.io the other day and I noticed something about the CDN that I use for some of my assets. They didn't use HSTS to enforce the use of HTTPS in compliant user agents, which I thought was a little odd. HTTP Strict Transport…
It's been 6 months since my last crawl of the Alexa Top 1 Million so it's time to dust off my servers and fire them up again! Here's my latest observations of security on the top 1 million sites on the Web. What I'm looking for I use these crawls…
My registrar had an offer on domains so I figured I'd grab one and test out the HSTS preload process as it currently stands. I want to track how easy it is to preload and how long it takes for full browser coverage in vendor preload lists. What's preloading? HSTS,…
I did a scan of the Alexa Top 1 Million back in August 2015 and published the results for everyone to see. Having just completed another scan of the current Alexa Top 1 Million with additional metrics being tracked, I thought I'd compare the results and see how much progress…
