Well, 2018 has been another outrageous year and looking back across some of the things I've done is actually pretty mind boggling! As the year is drawing to a close, I feel absolutely exhausted and now I can see why.

Report URI

Another massive part of 2018 for me, just like last year in 2017, is of course Report URI.

After taking investment and launching the commercial version of Report URI we've seen consistent month-on-month growth in everything across the board from users to subscribers and reports to bandwidth. One of the highlights of 2018 for me had to be Report URI winning the 'Best Emerging Technology 2018' award at the SC Awards Europe.

It was such an awesome feeling to have recognition of all the work we're doing and we're looking forward to more awards in 2019! There's also been a whole heap of blog posts about Report URI including launching the CSP Wizard, hacking Table Storage to do ORDER BY and LIKE queries, launching Report URI JS, improved filtering, our use of Cloudflare Workers for huge improvements in performance and loads more. If you like cool graphs and numbers on the service then Report URI: A week in numbers is well worth checking out. We were pushing over 10,000,000,000 (yes, 10 billion) reports per week and all of the graphs and numbers are in that post.

Security Headers

It was another awesome year for Security Headers which also saw continued growth in traffic volumes and the number of scans completed.

We're averaging at almost 15,000 unique visitors per day and completing a significant amount of scans too. Alongside this we launched a Cloudflare Worker so any site can easily add Security Headers, we moved to our .com domain, added support for Feature Policy and Clear Site Data and generally kept things running smoothly and made various upgrades and tweaks in the background too!

Media Appearances

2018 started off well with the media and we barely made it through January before the first big event kicked off with thousands of government websites being hit by cryptojacking.

That was such a big story it made it onto BBC Click and then onto BBC News Worldwide, we even made a TV show (iPlayer, YouTube) about crypto currencies and cryptojacking.

There were two TV shows that we filmed in 2017 and were produced and release in 2018. BBC Click - Live and Clicking (iPlayer, YouTube) and The Kyle Files on ITV.

The last major appearance was on the BBC Travel Show (iPlayer) talking about safely using Wi-Fi while travelling and what a VPN is.

On top of that I had numerous mentions, comments and coverage in national and international news outlets, most of which are listed on my Media Archive page.


Following a great year in 2017 for training, in 2018 I teamed up with Troy Hunt to deliver Hack Yourself First. Troy announced we were working together in January and throughout the year I've delivered 4 courses in the UK, Europe and Canada with great results and already have a couple booked for 2019.

Alongside the Hack Yourself First course I've also continued to deliver The Best TLS Training in The World with Feisty Duck and managed a staggering 26 of those! That brings my total training days in 2018 to 60 days in 15 different countries.


Another improvement over last year with 13 speaking engagements in 7 different countries this year, including 2 keynotes! I did seem to manage to rack up quite a few air miles...

If you're like to look over my speaking engagements and see some of my talks, I have an archive on my Talks page where you can see them all.


With so many training and speaking engagements it's hard to avoid having done a lot of travel. While it is great to travel, the act of travelling is gruelling and really does take its toll. As I looked over my TripIt account for the year and added everything up, I'm not surprised I feel a little worn out as we approach the end of 2018...

Car journeys - 10. Mostly North/Central England.

Train journeys - 57. Mostly Scotland and London/South England.

Flights - 73. Everywhere!

Yeah, 73 flights this year... I can't even compute that in honesty, crazy! I have managed to do my fair share of fun things whilst travelling this year so it's not all that bad. I drove a few nice cars, especially in Vegas where we had a Tesla Model 3, Lamborghini Gallardo, BMW M4 and Polaris Slingshot over a couple of weeks!

I even managed to do a helicopter ride again this year which my wife was equally thrilled and terrified about!


Another super year for blogging, which is something I really enjoy, I published a whopping 70 blogs at the time of writing! To try and support the time I spend on creating content I launched my Patreon page and also got a sponsor for my blog. If you'd like to sponsor my blog then check out the Sponsor Page or you can support me on Patreon here.

This brings me up to a total of 261 blog posts!

One of the biggest hitters was probably the right at the start of the year when the UK, US and Australian governments were hit with cryptojacking on their sites. A lot more has happened though, far too much to list, but some of the other highlights for me are that I now have sponsorship on my blog, countless updates to Report URI, my European Security Bloggers Awards win and hacking Iot Smart Cameras,


This was the year I published my first Pluralsight course featuring alongside Troy where we covered "Modern Browser Security Reports".  

This was a no-brainer for me given how heavily I'm involved with security reporting mechanisms in the browser and the course was an absolute blast to film too. There was however a little... err... misunderstanding because Troy (being Australian) can't speak proper English apparently ¯\_(ツ)_/¯


Many people will be familiar with my bi-annual reports on security in the Alexa Top 1 Million sites on the web. This year I published the February 2018 and August 2018 versions of that report to much anticipation and the results did not dissappoint. Once of the best metrics by far is still how amazingly well we're doing at moving the web to HTTPS.

One thing that I did want to do though was to make the crawler data behind it more widely available. Whilst I did start publishing the raw data back in 2017 it's a lot of work to do something useful with it. That' where Crawler.Ninja comes in.

The site does link out to the raw data files if you want them, but it also produces some nice, high-level statistics from the crawl every day that can be easily consumed. You can check them all out here: https://crawler.ninja/files/


This was an easy project for me and something that I've used personally for some time but decided to open up to the public to use too. There was no launch blog post for this one and the site is pretty self explanatory. You can go and check it out if you like: http://httpforever.com


This was a joint project started with Troy and you can read the launch blog post here. In short it's a list of the largest sites in the world that aren't actively redirecting their visitors to HTTPS when you visit the site on HTTP. It's based on my crawler data mentioned above.


Whilst most of my code work this year was on Report URI, all of my other projects are hosted on GitHub too like Security Headers and various others mentioned above. Here's my activity for the year.

All in all that's pretty good! Plenty of code reviews and working on issues there, coupled with commits and PRs too.

Looking forward to 2019

I predicted back in 2017 that 2018 would be a crazy year, and it sure has been. As 2018 ends and I look forward to 2019 I can't help but feel it will be a lot more of the same. Report URI is seeing awesome growth and we're going to keep pushing that hard. Speaking and training are already booking up throughout the year too. Just like this year we have a few TV slots on the cards for 2019 already and there will be plenty of travel to do for all of it. I can't wait 😎