Category
Security
Core web security concepts that protect your visitors and your reputation.
Category
Core web security concepts that protect your visitors and your reputation.
By default, browsers block a page on one origin from reading responses from another. CORS headers let a server opt specific origins back in…
A session cookie is as valuable as a password. The Secure, HttpOnly and SameSite attributes are the standard, low-effort defences that stop…
A correct HTTP-to-HTTPS redirect ensures nobody lands on the insecure version of your site. Using a 301 (permanent) redirect preserves sear…
A page served over HTTPS should load every resource over HTTPS too. Mixed content weakens the security guarantee and triggers browser warni…
When you load JavaScript or CSS from a third party, you trust that host completely. SRI removes that blind trust: the browser verifies the…
HTTPS (Hypertext Transfer Protocol Secure) is HTTP wrapped in TLS encryption. It protects passwords, payment details and page content from…