This section is mostly aimed at developers wishing to create secure web applications.
Cross-Origin Resource Sharing (CORS)
Learn how Cross-Origin Resource Sharing (CORS) can be used to relax the same origin policy when required.
Attacks & Prevention
Learn how SameSite cookies can protect your web application against CSRF, XSS, cross-site information leaks and more.
Learn about allowing non-whitelisted headers in CORS (Cross-Origin Resource Sharing).
Learn about allowing non-whitelisted methods in CORS (Cross-Origin Resource Sharing).
Learn how the CSP (Content Security Policy) header can protect your web application from XSS attacks.
Learn how the Cross-Origin Opener Policy (COOP) can protect your web application from cross-site information leaks.
Learn how the Cross-Origin Resource Policy can protect your web application from cross-site information leaks and other client-side attacks.
Fetch Metadata Headers
Learn how the new fetch metadata headers can be used to defend against cross-site attacks like never before.
Learn how the HSTS (HTTP Strict Transport Security) header can protect your web application from MITM attacks.
Tools & Resources
An in-browser tool for creating, modifying and analyzing CSP (Content Security Policy) headers.
Security Feature Browser Support
Up-to-date browser support tables for the most important security features.