Web security

Ensuring that your Web site or open Web app is secure is critical. Even simple bugs in your code can result in private information being leaked, and attackers are actively looking for ways to steal data. These articles provide information that may help you secure your code.

CSP (Content Security Policy)
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware.
HTTP Strict Transport Security
HTTP Strict Transport Security (often abbreviated as HSTS) is a security feature that lets a web site tell browsers that they should communicate with it only over HTTPS, instead of HTTP.
Same-origin policy
The same-origin policy restricts how a document or script loaded from one origin can interact with a resource from another origin.
Securing your site
There are a number of things you can do to help secure your site. This article offers an assortment of suggestions, as well as links to other articles providing more useful information.
The Do Not Track Field Guide
The Do Not Track Field Guide provides information about the DNT functionality. You can download the original version as a PDF file.

Document Tags and Contributors

Contributors to this page: Sheppy
Last updated by: Sheppy,