Browser Security
Everything on SkillVeris tagged Browser Security — collected across the glossary, study notes, blog, and cheat sheets.
12 resources across 1 library
Interview Questions(12)
What Is Clickjacking and How Do You Prevent It?
Clickjacking is an attack where a malicious page overlays or embeds a legitimate site inside a transparent or disguised iframe, tricking a user into clicking o…
What Are the Secure and HttpOnly Cookie Attributes?
The Secure attribute tells the browser to send a cookie only over HTTPS connections, and the HttpOnly attribute tells the browser to hide the cookie from JavaS…
What Is the SameSite Cookie Attribute and How Does It Prevent CSRF?
SameSite is a cookie attribute that tells the browser whether to include the cookie on requests originating from a different site than the one that set it, and…
What Is Subresource Integrity (SRI)?
Subresource Integrity is a browser security feature where you attach a cryptographic hash of an expected file to a script or stylesheet tag so the browser refu…
What Is a Session Fixation Attack and How Do You Prevent It?
Session fixation is an attack where an attacker sets or predicts a victim’s session identifier before login and then, once the victim authenticates using that…
What Is HTTPS and What Causes Mixed Content Errors?
HTTPS is HTTP layered over TLS, encrypting and authenticating traffic between browser and server, and mixed content occurs when a page loaded securely over HTT…
What Are CORS Preflight Requests?
A CORS preflight request is an automatic OPTIONS request the browser sends before certain cross-origin requests, asking the target server whether the actual re…
What Are HTTP Security Headers and Why Do They Matter?
HTTP security headers are response headers a server sends to instruct the browser to enable or restrict specific behaviors — such as blocking inline scripts, r…
How Do CSP Nonces Prevent Inline Script Injection?
A CSP nonce is a random, single-use token the server generates per response and embeds both in the Content-Security-Policy header and as a nonce attribute on e…
What Does the Referrer-Policy Header Control?
The Referrer-Policy header controls how much information about the current page’s URL the browser includes in the Referer header when the user navigates away o…
What Is the Permissions-Policy Header Used For?
The Permissions-Policy header lets a site explicitly enable or disable powerful browser features — such as the camera, microphone, geolocation, or autoplay — f…
What Is the Trusted Types API and How Does It Prevent DOM XSS?
The Trusted Types API is a browser-enforced mechanism, activated via a CSP directive, that blocks a page’s dangerous DOM sinks — like innerHTML or eval — from…