Ensuring that your Web site or open Web app is secure is critical. Even simple bugs in your code can result in private information being leaked, and bad people are out there trying to find ways to steal data. These articles provide information that may help you secure your code.
- CSP (Content Security Policy)
- Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware.
- HTTP Strict Transport Security
- HTTP Strict Transport Security (often abbreviated as HSTS) is a security feature that lets a web site tell browsers that it should only be communicated with using HTTPS, instead of using HTTP.
- Same-origin policy
- The same-origin policy restricts how a document or script loaded from one origin can interact with a resource from another origin.