Content Security Policy 1.0
Mitigate cross-site scripting attacks by only allowing certain sources of script, style, and other resources.
Content Security Policy Level 2
Mitigate cross-site scripting attacks by only allowing certain sources of script, style, and other resources. CSP 2 adds hash-source, nonce-source, and five new directives.
DNSSEC and DANE
Method of validating a DNS response against a trusted root server. Mitigates various attacks that could reroute a user to a fake site while showing the real URL for the original site.
Document Policy
A mechanism that allows developers to set certain rules and policies for a given site. The rules can change default browser behaviour, block certain features or set limits on resource usage. Document Policy is useful both for security and performance, and is similar to [Permissions Policy](/permissions-policy).
Feature Policy
This specification defines a mechanism that allows developers to selectively enable and disable use of various browser features and APIs. Feature Policy is deprecated and has been replaced with [Permissions Policy](/permissions-policy) and [Document Policy](/document-policy).
Permissions Policy
A security mechanism that allows developers to explicitly enable or disable various powerful browser features for a given site. Similar to [Document Policy](/document-policy).
HTTP Public Key Pinning
Declare that a website's HTTPS certificate should only be treated as valid if the public key is contained in a list specified over HTTP to prevent MITM attacks that use valid CA-issued certificates.
rel=noopener
Ensure new browsing contexts are opened without a useful `window.opener`.
'SameSite' cookie attribute
Same-site cookies ("First-Party-Only" or "First-Party") allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.
Strict Transport Security
Declare that a website is only accessible over a secure connection (HTTPS).
Subresource Integrity
Subresource Integrity enables browsers to verify that a file is delivered without unexpected manipulation.
Upgrade Insecure Requests
Declare that browsers should transparently upgrade HTTP resources on a website to HTTPS.
document api: `securitypolicyviolation` event
element api: `securitypolicyviolation` event
securitypolicyviolationevent api
securitypolicyviolationevent api: blockeduri
securitypolicyviolationevent api: columnnumber
securitypolicyviolationevent api: disposition
securitypolicyviolationevent api: documenturi
securitypolicyviolationevent api: effectivedirective
securitypolicyviolationevent api: linenumber
securitypolicyviolationevent api: originalpolicy
securitypolicyviolationevent api: referrer
securitypolicyviolationevent api: sample
securitypolicyviolationevent api: `securitypolicyviolationevent()` constructor
securitypolicyviolationevent api: sourcefile
securitypolicyviolationevent api: statuscode
securitypolicyviolationevent api: violateddirective
securitypolicyviolationevent api: available in workers
headers http header: content-security-policy-report-only
headers http header: content-security-policy: base-uri
headers http header: content-security-policy: child-src
headers http header: content-security-policy: connect-src
headers http header: content-security-policy: default-src
headers http header: content-security-policy: font-src
headers http header: content-security-policy: form-action
headers http header: content-security-policy: frame-src
headers http header: content-security-policy: img-src
headers http header: content-security-policy: manifest-src
headers http header: content-security-policy: media-src
headers http header: content-security-policy: object-src
headers http header: content-security-policy: plugin-types
headers http header: content-security-policy: referrer
headers http header: content-security-policy: report-to
headers http header: content-security-policy: report-uri
headers http header: content-security-policy: sandbox
headers http header: content-security-policy: script-src
headers http header: content-security-policy: style-src
headers http header: content-security-policy: worker-src
tls 1.0 (transport layer security)
50 results found.