Website security glossary

DMARC protects your domain from e-mail spoofing. Learn how the record is structured, what p=none/quarantine/reject mean and how to roll out DMARC step by step.

HSTS (Strict-Transport-Security) forces browsers permanently to HTTPS. Learn how the header is built, what includeSubDomains and preload mean.

How SSL/TLS certificates work, how the handshake unfolds and what to watch for when checking — explained in plain English.

SPF (Sender Policy Framework) prevents foreign servers from sending e-mails under your domain name. Structure, mechanisms and best practices.

The Content-Security-Policy is the most important browser-side defence against XSS. Learn how a CSP is structured and how to roll one out safely.

DKIM signs your outgoing e-mails cryptographically — the recipient can reliably verify a mail came from you. Structure, selectors and common pitfalls.

X-Frame-Options prevents clickjacking by controlling whether your site can be embedded in an iframe. Values DENY, SAMEORIGIN and the CSP successor frame-ancestors.

SRI protects external JavaScript and CSS files against tampering on the CDN. Hash-based integrity verification in the browser — explained with examples.

Cross-Origin Resource Sharing controls which foreign sites may call your APIs. Same-Origin policy, preflight requests and the key CORS headers.

Secure, HttpOnly and SameSite — the three most important cookie flags and what they do. How to harden sessions against XSS, MITM and CSRF.

DNSSEC protects DNS answers cryptographically against tampering and cache poisoning. Structure, key hierarchy (KSK/ZSK) and how to enable DNSSEC properly.

CAA records define which certificate authorities are allowed to issue SSL certificates for your domain. Protection against mis-issuance, structure and examples.

The Referrer-Policy controls which information is sent when users click external links. Values, privacy implications and safe defaults.

The Permissions-Policy selectively disables browser features like geolocation, microphone, camera and FLoC. Structure, all directives and default recommendations.

X-Content-Type-Options: nosniff prevents browsers from guessing the MIME type of files. Protection against cross-site-scripting and drive-by downloads.