Archives: Definitions
What is a Content Security Policy?
The Content Security Policy (CSP) is a security header that tells the browser what content it is allowed to load. It can be used to prevent attacks on website visitors such as Cross-Site Scripting (XSS) and Clickjacking. The Content Security Policy uses the Same Origin Policy mechanism to ensure the browser only loads resources from trusted sources. With the Content Security Policy you can prevent browsers from loading scripts, images, CSS etc. from untrusted sources like third-party sites
What is a Permissions Policy?
The Permissions Policy (formerly called Feature-Policy) is a security header that allows website administrators to manage which browser functions the site should be able to utilize. It is an extra security measure to prevent malicious use of these browser functions. The header restricts how browser functions can be used for your own content, and can also prevent iframes that your site embeds from using them. Why should a website set the Permissions Policy header? Just like all other security headers,
What are Recommended Security Headers?
Security headers are an important tool for helping to protect websites and web applications from certain types of attacks. Security headers are HTTP response headers that a server can send to a client (usually a web browser) when it serves a webpage. The client will then use the information in the headers to make security-related decisions about how to handle the webpage. For example, when a browser receives a Content-Security-Policy header, it will use the rules specified in the header
What are Hardening Features?
Hardening features can secure a website by reducing its attack surface and vulnerabilities. It is a proactive approach to protecting a website against security threats and vulnerabilities that can be exploited by hackers. Website hardening involves a number of techniques, including secure configuration of the web server and CMS software like WordPress. This can mean removing unnecessary code, or setting limits on attempts to use, log in to or manipulate a system. Hardening features are mostly configured based on the specific use
What are Cross Origin Policies?
Cross Origin Policies are special HTTP security headers that define what information can be shared between different sources. Limiting the sharing of information between sources is called Cross-origin Isolation. Cross-origin headers were created to instruct browsers and web servers on how to handle information sharing between different resources. These different sources can be different web servers, processes or different documents or pages in a web browser. This means that when Cross-origin Isolation is active, exchanging information with other sources is limited by