Web Security & Resource Hints

Web Security

A good rule for web security is "You can never be too cautious. If you made it, double-check it anyway. If someone else made it, assume it's dangerous until proven otherwise."

Types of Attacks

  • Click-Jacking
  • Session hijacking
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF / XSRF)

Read More: https://developer.mozilla.org/en-US/docs/Web/Security/Types_of_attacks

Iframe Security

  • Use HTTPS for both the parent page and the embedded content to reduce the chance of tampering in transit; an https: page that embeds an http: frame is active mixed content and browsers block it. HTTPS by itself does not stop the frame and the parent from scripting each other: that isolation comes from the same-origin policy, which treats a different scheme (http vs https), host or port as a different origin.
  • Use the sandbox attribute to give embedded content only the permissions it needs; an empty sandbox="" is the most restrictive setting. Never combine allow-scripts with allow-same-origin: a same-origin frame that can run script can remove its own sandbox attribute.
  • Send the X-Frame-Options header (DENY or SAMEORIGIN) to prevent other websites from embedding your content. Its CSP successor, the frame-ancestors directive, can also express an allow-list of origins and takes precedence in browsers that support it.
    Read More: https://blog.mozilla.org/security/2013/12/12/on-the-x-frame-options-security-header/
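The three points above, as an added example that is not code from the original page: one helper for the site being embedded (emit the anti-framing headers) and two for the embedder (validate the sandbox token list and build the iframe markup). Runs under Node.js; the function names, the origins and the widget URL are this example's own choices.

```javascript
// Added example (not code from the original page): helpers for both sides
// of the iframe advice. As the site being embedded, emit headers that stop
// other origins from framing you; as the embedder, build an <iframe> whose
// sandbox token list never grants allow-scripts together with
// allow-same-origin. Function and parameter names are this example's own.

// Anti-framing response headers. With no argument the page may not be
// framed at all. `allowedOrigins` may contain "'self'" and/or origins such
// as "https://partner.example"; an explicit allow-list can only be expressed
// through CSP frame-ancestors, since the X-Frame-Options ALLOW-FROM form is
// obsolete. Browsers that understand frame-ancestors ignore X-Frame-Options,
// so the latter serves only as the legacy fallback.
function antiFramingHeaders(allowedOrigins = []) {
  const self = allowedOrigins.includes("'self'");
  const others = allowedOrigins.filter((o) => o !== "'self'");
  const sources = allowedOrigins.length === 0
    ? "'none'"
    : (self ? ["'self'"] : []).concat(others).join(' ');
  return {
    'X-Frame-Options': self ? 'SAMEORIGIN' : 'DENY',
    'Content-Security-Policy': `frame-ancestors ${sources}`,
  };
}

// Sandbox tokens that, combined, let the framed document strip its own
// sandbox attribute and regain full same-origin power.
const UNSAFE_PAIR = ['allow-scripts', 'allow-same-origin'];

// Describe why a sandbox token list is unsafe, or return null if acceptable.
function sandboxProblem(tokens) {
  const set = new Set(tokens.map((t) => t.trim().toLowerCase()));
  if (UNSAFE_PAIR.every((t) => set.has(t))) {
    return `sandbox grants ${UNSAFE_PAIR.join(' and ')}: the frame can remove its own sandbox`;
  }
  return null;
}

// Minimal HTML attribute escaping so the URL cannot break out of the quotes.
const attr = (v) => v.replace(/[&<>"]/g, (c) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;' })[c]);

// Markup for embedding `src` with exactly the given sandbox tokens. An empty
// list is the most restrictive sandbox. Rejects non-HTTPS sources and the
// unsafe token combination.
function sandboxedIframe(src, tokens = []) {
  const url = new URL(src);
  if (url.protocol !== 'https:') throw new Error(`refusing non-HTTPS embed: ${src}`);
  const problem = sandboxProblem(tokens);
  if (problem) throw new Error(problem);
  return `<iframe src="${attr(url.href)}" sandbox="${tokens.join(' ')}"></iframe>`;
}

// Constructed demo (origins and URL are made up for this example).
console.log(antiFramingHeaders());
console.log(antiFramingHeaders(["'self'", 'https://partner.example']));
console.log(sandboxedIframe('https://widget.example/embed', ['allow-scripts']));
try {
  sandboxedIframe('https://widget.example/embed', ['allow-scripts', 'allow-same-origin']);
} catch (e) {
  console.log('rejected:', e.message);
}
```

Note that the X-Frame-Options value is chosen as the safest approximation of the allow-list for browsers that lack frame-ancestors support: SAMEORIGIN when 'self' is allowed, DENY otherwise, since the header cannot name third-party origins.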

CSP

Content Security Policy (CSP) is an HTTP response header, Content-Security-Policy, whose value is a semicolon-separated list of directives; each directive names a resource type and lists the sources from which the user agent is allowed to load it for that page.

Content-Security-Policy: <directive> <source> <source> ...; <directive> <source> ...;
Content-Security-Policy: default-src 'self' http://example.com; connect-src 'none';

In the second example, scripts, images, styles and other fetches may be loaded only from the page's own origin ('self') or from http://example.com, while connect-src 'none' forbids every fetch(), XMLHttpRequest, WebSocket and EventSource connection. default-src is only a fallback: a more specific directive, when present, replaces it entirely rather than adding to it.

Read More: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
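To make the fallback and source-matching rules concrete, here is an added example (not code from the original page or from any CSP library): a small evaluator that parses a policy header and answers "would this policy let the page load that URL?", run on the header shown above. It supports 'self', 'none', '*', scheme-sources such as https: and host-sources of the form [scheme://][*.]host[:port]; path matching, nonces, hashes and 'unsafe-inline' are out of scope, 'self' is approximated as "exactly the page's origin", and the fetch-directive list covers only the directives that fall straight back to default-src. The page origin https://app.example.org and all function names are this example's own assumptions.

```javascript
// Added example (not from the original page or any library): a CSP evaluator
// for the fetch directives. Runs under Node.js. All names are this example's own.

// Fetch directives that fall back to default-src when absent. Directives with
// longer fallback chains (frame-src, worker-src) are left out for brevity.
const FETCH_DIRECTIVES = new Set([
  'script-src', 'style-src', 'img-src', 'connect-src', 'font-src',
  'media-src', 'object-src', 'child-src',
]);

const DEFAULT_PORTS = { http: '80', https: '443', ws: '80', wss: '443' };

// Parse a header value into Map(directive -> [source expressions]).
// The first occurrence of a directive wins; later duplicates are ignored.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

// A scheme in a source expression also matches its secure upgrade.
function schemeMatches(expected, actual) {
  return expected === actual
    || (expected === 'http' && actual === 'https')
    || (expected === 'ws' && actual === 'wss');
}

// Does one source expression match `url` for a page served from `pageOrigin`?
function sourceMatches(source, url, pageOrigin) {
  const s = source.toLowerCase();
  const urlScheme = url.protocol.slice(0, -1);
  if (s === "'self'") return url.origin === pageOrigin;   // approximation: exact origin only
  if (s.startsWith("'")) return false;                    // 'none', nonces, hashes, keywords never match a URL
  if (s === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return schemeMatches(s.slice(0, -1), urlScheme);
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:*]+)(?::(\d+|\*))?(?:\/.*)?$/.exec(s);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  // No scheme in the expression means "the page's own scheme" (or its upgrade).
  const wanted = scheme || new URL(pageOrigin).protocol.slice(0, -1);
  if (!schemeMatches(wanted, urlScheme)) return false;
  if (wildcard ? !url.hostname.endsWith('.' + host) : url.hostname !== host) return false;
  if (port === undefined) return url.port === '';         // no port-part: default port only
  const urlPort = url.port || DEFAULT_PORTS[urlScheme] || '';
  return port === '*' || port === urlPort;
}

// Would `policy` let a page at `pageOrigin` load `urlString` under `directive`?
function isAllowed(policy, directive, urlString, pageOrigin) {
  let sources = policy.get(directive);
  if (sources === undefined && FETCH_DIRECTIVES.has(directive)) sources = policy.get('default-src');
  if (sources === undefined) return true;                 // nothing governs this load
  const url = new URL(urlString);
  return sources.some((src) => sourceMatches(src, url, pageOrigin));
}

// Constructed demo using the header from the text, for a page at a made-up origin.
const POLICY = parsePolicy("default-src 'self' http://example.com; connect-src 'none'");
const PAGE = 'https://app.example.org';
for (const [directive, target] of [
  ['script-src', 'https://app.example.org/app.js'],      // allowed by 'self'
  ['script-src', 'https://example.com/lib.js'],          // allowed: http://example.com upgrades to https
  ['img-src', 'https://cdn.evil.example/pixel.png'],     // blocked: no matching source
  ['connect-src', 'https://app.example.org/api'],        // blocked: connect-src 'none' overrides default-src
]) {
  console.log(directive, target, isAllowed(POLICY, directive, target, PAGE) ? 'allowed' : 'blocked');
}
```

The last demo line is the point of the section's example: connect-src 'none' does not inherit 'self' from default-src, so even a same-origin API call is blocked once the more specific directive is present.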

CSRF

CORS

Resource Hints

