Web Security
Collections
- How to reduce your risk of cross-site scripting attacks with vanilla JavaScript
- Injecting text instead of HTML with vanilla JS to reduce your risk of XSS attacks
- Trusted Types API for JavaScript DOM Security
- Protecting against DOM XSS security vulnerabilities in JavaScript
- Refused to frame 'https://xxx.myshopify.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".
- How to win at CORS
- Don’t try to sanitize input. Escape output.
- Retrieving your browsing history through a CAPTCHA - The `:visited` pseudo-class poses privacy risks for people who surf the web. As a user, you can stop web pages from tracking your history by disabling visited link highlighting in your web browser.
- Securing Express Web Applications With Helmet - Learn how to use Helmet to set Content-Security-Policy, X-DNS-Prefetch-Control, X-Frame-Options, X-Powered-By, plus much more.
  - Using Helmet to set the Content-Security-Policy header
  - Using Helmet to set the X-DNS-Prefetch-Control header
  - Controlling enabled browser features using the Feature-Policy header
  - Using Helmet to set the X-Frame-Options header
  - Using Helmet to remove the X-Powered-By header
  - Improving HTTPS with Strict Transport Security
  - Mitigating XSS attacks with Helmet
- What is a realm in JavaScript?
- Web fingerprinting is worse than I thought
- Edge sends images you view online to Microsoft, here is how to disable that
- CSP Testing Using Cypress
- Google AMP – The Newest of Evasive Phishing Tactic
  - Abused URL pattern: `https://www.google.com/amp/s/${phishing URL}`
- Preventing HTTPS Downgrade Attacks
  - Configure servers to redirect all HTTP traffic to HTTPS, and set the HTTP Content-Security-Policy and Strict-Transport-Security headers to enforce HTTPS-only browsing.
  - The HSTS preload directive further strengthens security by ensuring browsers always use HTTPS for a domain.
- Polyfill.io: security and reliability problems after its acquisition by a Chinese CDN company