Prior to the release of the Mozilla Observatory a year ago, I ran a scan of the Alexa Top 1M websites. Despite being available for years, the usage rates of modern defensive security technologies was frustratingly low. A lack of tooling combined with poor and scattered documentation had led to there being little awareness around countermeasures such as Content Security Policy (CSP), HTTP Strict Tr
![Analysis of the Alexa Top 1M sites – Mozilla Security Blog](https://cdn-ak-scissors.b.st-hatena.com/image/square/3edcf8fc3d8dccaaaf948b4d3355440f35b34b36/height=288;version=1;width=512/https%3A%2F%2Fblog.mozilla.org%2Fsecurity%2Fwp-content%2Fthemes%2FOneMozilla%2Fimg%2Fmozilla-wordmark.png)