Security and identity
Google Developers Logo
Github logo View Source
feedback icon Submit Feedback

Progressive Web App Dev Summit

June 20-21, Amsterdam, NL - Learn more

Encrypting data in transit

Security is an important part of the web for both developers and users. Moving forward, Transport Layer Security (TLS) support will be required for most APIs.

  1. Encrypting data in transit
  2. Why you should always use HTTPS
  3. Intro to security terminology
  4. Generating keys and certificate signing requests
  5. Enable HTTPS on your servers
  6. Make intra-site URLs relative
  7. Redirect HTTP to HTTPS
  8. Turn on Strict Transport Security and secure cookies
  9. Migration concerns

Content Security Policy

Content Security Policy can significantly reduce the risk and impact of cross-site scripting attacks in modern browsers.

  1. Content Security Policy
  2. Source Whitelists
  3. Inline Code Considered Harmful
  4. Eval Too
  5. Reporting
  6. Real World Usage
  7. The Future

Prevent mixed content

Mixed content refers to a webpage where the initial HTML content is loaded over a secure HTTPS connection, but other resources are then loaded into the page over an insecure HTTP connection.

  1. Prevent mixed content
  2. What is mixed content?
  3. Fixing mixed content

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 3.0 License, and code samples are licensed under the Apache 2.0 License. For details, see our Terms of Service.