I've been running report-uri.io for almost 3 years now and in that time I've been regularly shocked, surprised and thrilled at the success it's seen. It's time to take the next steps and what follows is a series of big announcements! A big investment There are so many things…
Tag: report-uri.io
HTTP Public Key Pinning is a very powerful standard that allows a host to instruct a browser to only accept certain public keys when communicating with it for a given period of time. Whilst HPKP can offer a lot of protection, it can also cause a lot of harm too.…
After the two year birthday of report-uri.io I wanted to take a look at where the service is and just how much work it's doing on a day to day basis. Here are all of the details I have to share, open for public viewing. Publishing the data Given…
With a constantly increasing traffic load to contend with, report-uri.io needs some support. Fortunately for us some help came from Imperva Incapsula who are now protecting report-uri.io with a free account on their DDoS mitigation and WAF platform. It's not just about security and availability though, there are…
With the October 2017 deadline approaching for compliance with Chrome's Certificate Transparency policy, sites can use the new Expect-CT header to determine if they're ready. It's easy to deploy and has a "report-only" mode so there's no risk involved. Here are the details. Certificate Transparency CT has been…
Up until now we've had to rely on GET parameters to identify whether CSP reports were enforced or sent as part of a report-only policy. This added friction for the host and on report-uri.io I've seen a lot of problems caused by this. Things are set to change. Sending…
The continued growth of report-uri.io has been amazing and every week I'm genuinely surprised at the sites I see signing up and enabling reporting. I've added some pretty big features to the site and now I need to address the continued growth so that the site remains sustainable. Growth…
Continuing the trend of awesome growth, report-uri.io is now seeing more reports and users than ever before. As new technologies emerge I want to keep the ever growing user base happy and to that end I'm launching some new features and reporting. Expanding Although report-uri.io started out as…
I recently made some changes to report-uri.io to introduce some sensible usage limits. As part of those limits I'd already introduced the inbound rate limit but hadn't yet implemented the removal of historic data. That's where Azure Functions are helping me out. Removing old data You can read more…
I've continued to see an incredible amount of growth for report-uri.io and it is still exceeding all of my expectations. So that I can keep the service up and running I need to make a few changes that I will outline in this post. Still growing! The site is…