Security and Identity

Security is a big topic, here are a few things to get you started.

Encrypting Data in Transit

One of the most critical security features, one that is required for many modern APIs and progressive web apps is Secure HTTP also called HTTPS. A common misconception about HTTPS is that the only websites that need it are those that handle sensitive communications. If privacy and security weren't reason enough to protect your users, many new browser features such as service workers the Payment Request API require HTTPS.

Enabling HTTPS on Your Servers

Content Security Policy

Content Security Policy or CSP provides a rich set of directives that enable granular control over the resources a page is allowed to load and where they're loaded from.
Learn More

Prevent Mixed Content

One of the more time-consuming tasks in implementing HTTPS is finding and fixing content that mixes both HTTPS and HTTP. Fortunately there are tools to help you help you with this.
Get Started

Related Resources

Chrome DevTools

Understand Security Issues

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 3.0 License, and code samples are licensed under the Apache 2.0 License. For details, see our Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated January 18, 2017.