    Web security

    Ensuring that your Web site or open Web app is secure is critical. Even simple bugs in your code can result in private information being leaked, and attackers actively look for ways to steal data. These articles provide information that may help you secure your code.

    CSP (Content Security Policy)
    Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware.
    HTTP Strict Transport Security
    HTTP Strict Transport Security (often abbreviated as HSTS) is a security feature that lets a web site tell browsers that it should only be communicated with using HTTPS, instead of using HTTP.
    Public Key Pinning
    The Public Key Pinning Extension for HTTP (HPKP) is a security feature that tells a web client to associate a specific cryptographic public key with a certain web server to prevent man-in-the-middle (MITM) attacks with forged certificates.
    Same-origin policy
    The same-origin policy restricts how a document or script loaded from one origin can interact with a resource from another origin. The same-origin policy is used as a means to prevent some Cross-Site Request Forgery (CSRF) attacks.
    Securing your site
    There are a number of things you can do to help secure your site. This article offers an assortment of suggestions, as well as links to other articles providing more useful information.
    The Do Not Track Field Guide
    The Do Not Track Field Guide provides information about the DNT functionality. You can download the original version as a PDF file.

    Document Tags and Contributors

    Contributors to this page: Sheppy, SpencerG, AdamC
    Last updated by: AdamC,