CSP allows a host to specify a whitelist of approved sources that a browser can load content from and is an effective countermeasure for XSS attacks.
HPKP allows a host to specify a whitelist of cryptographic identities that a browser should trust going forwards to protect users from MiTM attacks using forged certificates.
Expect-CT allows a host to prepare for the upcoming deadline for CT compliance and to then enforce their policy going forwards.
Expect-Staple allows a host to determine how reliable their OCSP Stapling implementation is by reporting errors before committing to Must-Staple certificates.
I'm Scott Helme, creator of report-uri.io, Information Security Consultant and blogger based in the UK. You can find more of my work over at scotthelme.co.uk where I talk a lot about security, privacy and performance online.
I created report-uri.io for two main reasons. Firstly, CSP and HPKP are powerful security features that go widely unused across the web. Secondly, for those who do implement CSP or HPKP, the reporting features can be difficult to implement and tricky to get right. I want report-uri.io to bring attention to the benefits and ease of deployment of CSP and HPKP and make violation reporting just as easy to do. Simply sign up, grab your unique URI and start collecting reports!
report-uri.io is built on DigitalOcean's powerful cloud computing platform where servers have SSD RAID, a 1Gb/sec NIC, a powerful multi-core CPU and ECC RAM. Further to that, we harness the speed and scalability of Microsoft's Azure Table Storage for all of our storage needs.
With Microsoft's Azure Table Storage offering Geographically Redundant Storage, there are 6 copies of your data stored across different Azure regions. Coupled with the automatic scaling of resources using the DigitalOcean API, you should always have reliable access to the site and your data.
Register for your free account today to get started using the site.
Collect your reports by adding the report-uri directive to your policies.
Analyse the data and identify issues with your site or your policies.