  1. Content Security Policy 1.0

    Mitigate cross-site scripting attacks by only allowing certain sources of script, style, and other resources.

  2. Content Security Policy Level 2

    Mitigate cross-site scripting attacks by only allowing certain sources of script, style, and other resources. CSP 2 adds hash-source, nonce-source, and five new directives.

  3. DNSSEC and DANE

    Method of validating a DNS response against a trusted root server. Mitigates various attacks that could reroute a user to a fake site while showing the real URL for the original site.

  4. Document Policy

    A mechanism that allows developers to set certain rules and policies for a given site. The rules can change default browser behaviour, block certain features or set limits on resource usage. Document Policy is useful both for security and performance, and is similar to [Permissions Policy](/permissions-policy).

  5. Feature Policy

    This specification defines a mechanism that allows developers to selectively enable and disable use of various browser features and APIs. Feature Policy is deprecated and has been replaced with [Permissions Policy](/permissions-policy) and [Document Policy](/document-policy).

  6. Permissions Policy

    A security mechanism that allows developers to explicitly enable or disable various powerful browser features for a given site. Similar to [Document Policy](/document-policy).

  7. HTTP Public Key Pinning

    Declare that a website's HTTPS certificate should only be treated as valid if the public key is contained in a list specified over HTTP to prevent MITM attacks that use valid CA-issued certificates.

  8. rel=noopener

    Ensure new browsing contexts are opened without a useful `window.opener`.

  9. 'SameSite' cookie attribute

    Same-site cookies ("First-Party-Only" or "First-Party") allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.

  10. Strict Transport Security

    Declare that a website is only accessible over a secure connection (HTTPS).

  11. Subresource Integrity

    Subresource Integrity enables browsers to verify that a file is delivered without unexpected manipulation.

  12. Upgrade Insecure Requests

    Declare that browsers should transparently upgrade HTTP resources on a website to HTTPS.

  13. document api: `securitypolicyviolation` event

  14. element api: `securitypolicyviolation` event

  15. securitypolicyviolationevent api

  16. securitypolicyviolationevent api: blockeduri

  17. securitypolicyviolationevent api: columnnumber

  18. securitypolicyviolationevent api: disposition

  19. securitypolicyviolationevent api: documenturi

  20. securitypolicyviolationevent api: effectivedirective

  21. securitypolicyviolationevent api: linenumber

  22. securitypolicyviolationevent api: originalpolicy

  23. securitypolicyviolationevent api: referrer

  24. securitypolicyviolationevent api: sample

  25. securitypolicyviolationevent api: `securitypolicyviolationevent()` constructor

  26. securitypolicyviolationevent api: sourcefile

  27. securitypolicyviolationevent api: statuscode

  28. securitypolicyviolationevent api: violateddirective

  29. securitypolicyviolationevent api: available in workers

  30. headers http header: content-security-policy-report-only

  31. headers http header: content-security-policy: base-uri

  32. headers http header: content-security-policy: child-src

  33. headers http header: content-security-policy: connect-src

  34. headers http header: content-security-policy: default-src

  35. headers http header: content-security-policy: font-src

  36. headers http header: content-security-policy: form-action

  37. headers http header: content-security-policy: frame-src

  38. headers http header: content-security-policy: img-src

  39. headers http header: content-security-policy: manifest-src

  40. headers http header: content-security-policy: media-src

  41. headers http header: content-security-policy: object-src

  42. headers http header: content-security-policy: plugin-types

  43. headers http header: content-security-policy: referrer

  44. headers http header: content-security-policy: report-to

  45. headers http header: content-security-policy: report-uri

  46. headers http header: content-security-policy: sandbox

  47. headers http header: content-security-policy: script-src

  48. headers http header: content-security-policy: style-src

  49. headers http header: content-security-policy: worker-src

  50. tls 1.0 (transport layer security)