After the two year birthday of report-uri.io I wanted to take a look at where the service is and just how much work it's doing on a day to day basis. Here are all of the details I have to share, open for public viewing. Publishing the data Given…
Tag: report-uri.io
Total 26 Posts
With a constantly increasing traffic load to contend with, report-uri.io needs some support. Fortunately for us some help came from Imperva Incapsula who are now protecting report-uri.io with a free account on their DDoS mitigation and WAF platform. It's not just about security and availability though, there are…
With the October 2017 deadline approaching for compliance with Chrome's Certificate Transparency policy, sites can use the new Expect-CT header to determine if they're ready. It's easy to deploy and has a "report-only" mode so there's no risk involved. Here are the details. Certificate Transparency CT has been around for…
Up until now we've had to rely on GET parameters to identify whether CSP reports were enforced or sent as part of a report-only policy. This added friction for the host and on report-uri.io I've seen a lot of problems caused by this. Things are set to change. Sending…
The continued growth of report-uri.io has been amazing and every week I'm genuinely surprised at the sites I see signing up and enabling reporting. I've added some pretty big features to the site and now I need to address the continued growth so that the site remains sustainable. Growth…
