Ensuring that your website or open web application is secure is critical. Even simple bugs in your code can result in private information being leaked, and bad people are out there trying to find ways to steal data. The web-security-oriented articles listed here provide information that may help you secure your site and its code from attacks and data theft.

Information Security Basics
A basic understanding of information security can help you avoid unnecessarily leaving your software and sites insecure and vulnerable to weaknesses that can be exploited for financial gain or other malicious reasons. These articles can help you learn what you need to know.
Insecure passwords
This page details the security mechanisms Firefox has put in place to warn users and developers of risks surrounding insecure passwords and password theft.
Mixed content
An HTTPS page that includes content fetched using cleartext HTTP is called a mixed content page. Pages like this are only partially encrypted, leaving the unencrypted content accessible to sniffers and man-in-the-middle attackers.
Same-origin policy
The same-origin policy restricts how a document or script loaded from one origin can interact with a resource from another origin. It is a critical security mechanism for isolating potentially malicious documents.
Secure contexts
A secure context is a Window or Worker for which there is reasonable confidence that the content has been delivered securely (via HTTPS/TLS), and for which the potential for communication with contexts that are not secure is limited.
Securing your site
There are a number of things you can do to help secure your site. This article offers an assortment of suggestions, as well as links to other articles providing more useful information.
Site Identity Button
The Site Identity Button is a feature in Firefox that gives users more information about the sites they visit.
Subresource Integrity
Subresource Integrity (SRI) is a security feature that enables browsers to verify that files they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched file must match.
Transport Layer Security
The security of any connection using Transport Layer Security (TLS) is heavily dependent upon the cipher suites and security parameters selected. This article's goal is to help you make these decisions to ensure the confidentiality and integrity of communication between client and server.
Weak signature algorithms
The strength of the hash algorithm used in signing a digital certificate is a critical element of the security of the certificate. This article provides some information about signature algorithms known to be weak, so you can avoid them when appropriate.

Document Tags and Contributors

 Contributors to this page: Sheppy, fscholz, jswisher, PPElite, marumari, ISOBEL
 Last updated by: Sheppy,