We're living in a pretty awesome time right now as we observe significant advances being made in the TLS/PKI ecosystem all around us. One of those advances is the introduction of Certificate Transparency and the deadline for compliance is fast approaching. Are you ready? Certificate Transparency CT is one…
Tag: Report URI
Total 14 Posts
Two of the new reporting features in https://report-uri.com currently require additions to the HSTS Preload List in Chromium. Here's a quick guide on how to request your site be added. Update 2nd May: I wrote this blog some time ago and have only just published it now. I'm…
At Report URI we're on the receiving end of several billion reports per month and handling that many reports requires a lot of processing. From analysing to see if the JSON payload is valid, checking it contains the correct fields and normalising the values, there are quite a few tasks…
Today I'm really excited to announce one of the first big steps that Report URI is taking towards making CSP even easier to use, deploy and maintain. With the introduction of the CSP Wizard, it's never been easier to create a CSP for your site. Setting up a CSP Until…
Whilst we already have support for CSP reports over at Report URI, there is another potential source of information about XSS attacks that may be attempted or happening on your site. The X-XSS-Protection header allows you to configure the XSS Auditor, deem what action it should take and request that…
