Newsletter - Apr 2026
As we continue to push into 2026, we’ve maintained our pace of improving existing features and introducing new ones.
API and MCP endpoints - now Generally Available 🤖
Our API and MCP endpoints are now Generally Available to customers on a suitable plan! The feedback from the beta was amazing and I'm pleased that these features are now available to all customers who would like to use them.
Audit Trail to Webhook 📋
Following our launch of Audit Trail last month, which gives customers visibility into changes being made in their Teams, the most common feedback we received was a request to send Audit Trail events to a webhook endpoint. Well, now you can! Head to the Settings page to configure your Webhook endpoint for Audit Trail events.
JavaScript Integrity Monitoring - Custom Fingerprints (Beta) 🔬
We already check the fingerprints of all JavaScript files against our database of over 13,000,000 known fingerprints, and you can now upload your own fingerprints so we can identify and verify your custom assets! This gives you immediate auditing capabilities to know that all JS assets loading on your site are verified and integrity checked. If you'd like to participate in the beta of this new feature, please reach out to support@ and let us know.
JavaScript Integrity Monitoring - Audit Archive (Beta) 🗄️
For customers already using CSP Integrity within our JavaScript Integrity Monitoring suite, we have started to fetch and archive copies of all JS assets that are being loaded across your site. As we now receive the cryptographic fingerprint of the file from the browser, we can verify that we have fetched a true copy of the JS file itself. In future iterations of this new capability, we will expose archived copies of the file in our UI, provide static analysis of files, diff reviews, and notification capabilities when a file changes. Customers already using JavaScript Integrity Monitoring don't need to take any action to benefit from this.
Reporting API Support in Firefox Browser 🦊
As of Firefox v149, the Reporting API is fully supported by default in Firefox Browser. Customers do not need to make any changes and will automatically benefit from the efficiency improvements that Reporting API support brings.
Deeper Content Security Policy Inspection 🔍
Within our Policy Watch product, we have added new capabilities to inspect your CSP and look for potential improvements. Customers can check their notification emails, or head to the Policy Watch section in their account, to see if we have detected any areas of concern in their CSP.
Automatic Team Switching ↔️
This was a common customer request that we have now implemented. When receiving notification emails and clicking on a link to view the alert, if the alert is for another Team that you are not currently viewing, you will now be notified and presented with the option to switch to that Team and view it, or cancel and remain where you were.
Passkeys Penetration Test 🥷
Last month we announced that we'd added support for Passkeys as a 2FA mechanism on your Report URI account, and both the adoption and the feedback have been great. As this was a major change to our authentication processes, we reached out to our external penetration testing company and engaged them to test our implementation. The results were fantastic.
Passkeys Whitepaper 📃
Our new Solutions page details how we can help you strengthen your Passkeys implementation and also contains the download link for a brand new whitepaper that we've just published based on our own research. Head on over to Passkeys Protection and you can download a copy of the whitepaper now.
Threat Intelligence Research 🎯
We've started to publish research that we're conducting using our own Threat Intelligence data. In April alone we identified a range of malware-infected browser extensions (research link) that were removed by Google and Microsoft, and disrupted an active Magecart campaign (research link) targeting e-commerce websites that don't use Report URI.
Upcoming Events 🏛️
We'll have team members attending both InfoSec EU (2-4 June, London) and OWASP Global AppSec EU (25-26 June, Vienna). If you're attending, reach out and we'll arrange some time to meet!
This is a great way to start Q2 and we've already laid the foundations for some of the amazing new features we have planned this year. As always, if you have any ideas or feedback, please do let me know, and if you'd like to join any of the beta features mentioned above, reach out to support@ to get involved!
Scott Helme,
Founder.