HTTPS (Browser Security Certificate)
- Is there a certificate (HTTPS)? No. Set it up!
- Encrypted end-to-end communication between browser and server.
- Faster – See https://www.httpvshttps.com/
- CSP (content-security-policy)
- SameSite: SameSite cookies let a server declare that a cookie must not be sent with cross-site requests, which gives some protection against cross-site request forgery (CSRF). SameSite cookies are still experimental and not yet supported by all browsers.
- Secure: Tells the browser to send the cookie to the server only over a secure protocol (HTTPS), never over plain HTTP.
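An added example, not part of the original notes: a small JavaScript helper that builds a Set-Cookie header carrying the Secure and SameSite attributes described above, and audits an existing header for them. The function names and the sample header are my own, not from any server.

```javascript
// Build a Set-Cookie header value with the defensive attributes set.
// (Hypothetical helper names; the header format itself follows RFC 6265.)
const SAMESITE_VALUES = new Set(["strict", "lax", "none"]);

function buildSetCookie(name, value, { sameSite = "Lax", maxAge, path = "/" } = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${path}`];
  if (maxAge !== undefined) parts.push(`Max-Age=${maxAge}`);
  // Secure: HTTPS only. HttpOnly: not readable by script. SameSite: CSRF mitigation.
  parts.push("Secure", "HttpOnly", `SameSite=${sameSite}`);
  return parts.join("; ");
}

// Parse a Set-Cookie header into its name and an attribute map.
// Attribute names are case-insensitive, so they are lower-cased here.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const attributes = {};
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return { name, attributes };
}

// Audit a Set-Cookie header and return a list of weaknesses (empty = OK).
function auditSetCookie(header) {
  const { attributes } = parseSetCookie(header);
  const findings = [];
  if (!attributes.secure) findings.push("missing Secure: cookie may be sent over plain HTTP");
  if (!attributes.httponly) findings.push("missing HttpOnly: cookie readable by script (XSS)");
  const sameSite = typeof attributes.samesite === "string"
    ? attributes.samesite.toLowerCase() : undefined;
  if (!sameSite || !SAMESITE_VALUES.has(sameSite)) {
    findings.push("missing or invalid SameSite: cookie sent on cross-site requests (CSRF)");
  } else if (sameSite === "none" && !attributes.secure) {
    findings.push("SameSite=None requires Secure; modern browsers reject it otherwise");
  }
  return findings;
}

// Constructed sample header (not captured from a real server) for a quick check.
const weakHeader = "sessionid=abc123; Path=/";
console.log(auditSetCookie(weakHeader));
```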
HSTS (HTTP Strict Transport Security)
XSS (Cross Site Scripting)
CSRF (Cross-Site Request Forgery)
Sub-Resource Integrity (SRI)
SQLI (SQL Injection)
Brute Force Attacks