Security Headers

We're happy to announce that Security Headers will be joining @probely! Read more from our founder, @Scott_Helme, in his blog post: scotthelme.co.uk/security-heade…

For the first time in a long time, we've just updated our Grading Criteria. You can read the full details from our founder, @Scott_Helme, over on the @probely blog: probely.com/blog/a-balance…

This is something I've wanted to dig into for years but I've just never had the time to do it! A deep analysis into the @securityheaders scan data, now possible thanks to our partnership with @probely 😎 probely.com/blog/unveiling…

Did somebody say Security Headers?! 💙

Can anyone tell me the story behind the HSTS max-age value on Amazon? 🤔 There’s got to be a reason behind that! @amazon @AWSSecurityInfo @securityheaders securityheaders.com/?q=amazon.com&…

We’re at @BlackHatEvents with @probely! 🔒 Stop by booth #1486, try out a free scan of your website, grab some cool swag and meet our founder @Scott_Helme 😎 prbly.us/3Ow4qNi

Since our inception, we've now conducted 250,000,000+ scans!!! 🎉🥳🔒🌍💙 scotthelme.co.uk/celebrating-25…

👀

Come and find us at @NDC_Conferences Oslo for our first ever vendor exhibit! Meet our founder, see a product demo, enter our hacking competition or watch our artist create your swag live on the stand! It's going to be epic, we'll see you there 😎 report-uri.com/event/ndc_oslo…

Safari 16.4 is bringing support for the Reporting API! This means reports can be sent out-of-band asynchronously, and, we’re getting some new reports too. ✅ Reporting API ✅ COEP violation reporting ✅ COOP/COEP nav violation reporting webkit.org/blog/13966/web…

A few people reached out to say they couldn't get their corporate card or approval in time so I've extended this code for another 7 days! Apparently when you work for a company there's like "processes" and stuff! Who knew?! 😅 Use 15FORLIFE at checkout to get 15% off for life!!

It's finally here!!! The @securityheaders API 😎 Launched right here, right now, at @NDC_Conferences #ndclondon 💪 scotthelme.co.uk/announcing-the…

This is really interesting research and I wanted to know if I could expand upon it using Content Security Policy and reporting via @reporturi. I've just created inappbrowsercsp.com to do exactly that!

I'm considering changing the grading criteria on @securityheaders to allow an A+ grade with a CSP that contains unsafe-inline in the style-src directive. What are your thoughts?

1 TRILLION REPORTS!!!1!!1! 🌟✨🥳🥂🍾

@israelbestsales Nope, no caching. For generating a CSP I would recommend the CSP Wizard by @reporturi: docs.report-uri.com/setup/wizard/

@securityheaders You don't cache them ? Or if I made a request 5 minutes after another one... Also is there a good way to generate a CSP based on my current site... like it takes the current external sources and formats them properly as a header ?

@securityheaders how often does securityheaders refresh?

150,000,000+ scans?! A huge thanks to our sponsor @probely who have supported us through this milestone and made it possible! 😱💪🔥🎉❤🌍🔒

@sephr Not at present, sorry! cc @Scott_Helme

@securityheaders Do you have any plan to detect runtime-generated <meta> CSPs?

We're *fast* approaching 150,000,000 scans!!! Big thanks to our sponsor @probely, who continue to support us and make this all possible 🤩