Scott Helme
@scotthelme.bsky.social
Hi, I'm Scott Helme, a Security Researcher, Entrepreneur and International Speaker. I'm the creator of Report URI and Security Headers, and I deliver world-renowned training on Hacking and Encryption.

https://scotthelme.co.uk
We provide information on the steps for remediation, and link out to verified sources of information on the vulnerability if you'd like more information.
September 29, 2025 at 11:11 AM
Along with identifying the JS files on your site, we can also cross-check them against our database of Known Vulnerabilities, and flag when you're loading JS with serious issues!
September 29, 2025 at 11:11 AM
We've already built a database of almost 13,000,000 fingerprints that we have verified, meaning we can reliably identify files loading on your site.
September 29, 2025 at 11:11 AM
You can now fingerprint JS running on your site with a cryptographically secure hash function and have that data sent to report-uri.com. This is native browser functionality, so there is no code to deploy anywhere!
September 29, 2025 at 11:10 AM
This is absolutely unbelievable!!!

We've just passed through 2 trillion events processed at Report URI!!! report-uri.com

🤯🥳🎉
July 2, 2025 at 6:10 PM
I might like this version of the graph more! 🤔
April 22, 2025 at 2:19 PM
Here's what that looks like when viewing the full history, which shows we recently stalled out on our progress to shorter certificates, and even these new deadlines are a much reduced rate of progress:
April 22, 2025 at 1:42 PM
Straight to the point, here is the schedule for the reduction in certificate lifetimes!

March 15th 2026: All new certificates capped at 200 days validity

March 15th 2027: All new certificates capped at 100 days validity

March 15th 2029: All new certificates capped at 47 days validity!
April 22, 2025 at 1:41 PM
Even if I switch to cellular data, or VPN to a new IP address altogether, they still don’t work. This is an example with my email signature, but no images work at all.
February 7, 2025 at 9:58 AM
It doesn't seem like rate limits make sense, and the status code we're getting for images in our emails is a 403, not something like a 429 as I'd expect. We also don't send/receive that many emails so rate limits again don't sound very likely?
February 7, 2025 at 9:57 AM
This is pretty nuts, we've been having issues with our @fastmail.com emails where images aren't working...

They're suggesting rate limits at @cloudflare.social are the issue, but how much sense does that make?

Either way, Fastmail's recommendation is to stop using their app and web interface?!
February 7, 2025 at 9:57 AM
Last weekend, we headed to Whittlebury Hall at the legendary Silverstone Circuit for the Caterham Motorsport Awards. After a tough season, and fighting to the very end, I landed myself P2 in the championship and a pretty sizeable piece of silverware! 🥈🏆🏁🏎️🔥💨

Congrats to Paul on his well deserved P1!
December 5, 2024 at 4:13 PM
Exactly 9 years ago today, I committed the first line of code to the report-uri.com git repository!

So much has changed since then, and yet, much remains the same! Here's to one more year to hit that milestone of being a decade old! 💪
November 24, 2024 at 5:31 PM
Over the last 24 hours, report-uri.com has processed more than 1,000,000,000 pieces of telemetry!

This gives us a unique view of JavaScript behaviour across the Web, as observed by over 15,000,000 unique browsers around the World.

Talk about Threat Intelligence capabilities!
November 19, 2024 at 10:39 AM
I've updated my blog post to reflect the updated proposal, which has significantly extended the timeline for implementation.

We will now see no change until March 2026, and the final change has been pushed all the way back to March 2028.

scotthelme.co.uk/are-shorter-...
November 14, 2024 at 9:26 PM
We continue to improve our features with a focus on making it easier for customers to comply with the new PCI DSS v4.0 requirements!

For requirement 6.4.3, you can now store your written justification for each script with us, and produce a PCI DSS Inventory Report.

report-uri.com
November 11, 2024 at 1:09 PM