Browsers are Magical Creatures

Web browsers are magical creatures that include A LOT of features. Buried within this multitude, you’ll find a number of security tools waiting for you, kinda like the chatty stranger in the bar, trying to flog off their wares. Although unlike that stranger, the browser lets you use them all for free, and you can use as many as you want!

You might have heard of Content Security Policies (CSP), HTTP Strict Transport Security (HSTS), and Same-Site Cookies, or seen headers like X-Content-Type-Options and X-Frame-Options in your web server configuration. What about the confusingly named CORP, COOP, CORS and COEP, or Trusted Types, and a Permissions-Policy?

The point is, like secrets in a cave, there are a lot of security tools hidden in your browser. You won’t want or need all of them on every site, but if you’re aware of what’s available, you’ll know what you can and should enable, to add that extra layer of security to your sites. I’m just not sure they’ll help you slay that dragon though…

Presented At