1 views collected around this technical thread.
This article explains how the seemingly harmless CSS :visited selector lets websites infer users' browsing history, the privacy risks it creates, the decades‑long history of the vulnerability, and how Chrome’s latest partitioning approach finally mitigates the leak.
This guide explains why browsers show “not secure” warnings, why self‑signed certificates are a cost‑effective solution for small‑to‑medium businesses, and provides step‑by‑step instructions—including MMC configuration and certificate import—to remove those warnings without purchasing commercial SSL certificates.
This article explains the same‑origin policy, its role in protecting browsers from XSS, CSRF and other attacks, illustrates how origins are defined with protocol, host and port, and details how CORS, simple requests and preflight requests enable controlled cross‑origin communication.
The article explains how WebAssembly’s mature community, stronger security sandbox, superior performance, and open‑source governance differentiate it from the outdated Java Applet, positioning Wasm for rapid growth and broader adoption in modern browsers.
This article explains the browser's Same‑Origin Policy, its role in preventing XSS, CSRF and other attacks, and details how Cross‑Origin Resource Sharing (CORS) works, including simple requests, preflight requests, credential handling, and provides a complete request flow diagram.
Cross-Origin Resource Sharing (CORS) extends the Same-Origin Policy by permitting controlled cross‑origin requests through simple and preflight flows, using specific headers and credential rules, thereby balancing web security against threats like XSS, CSRF, and injection attacks while enabling safe resource sharing.
This article explains the same‑origin policy, its role in protecting web applications, how browsers enforce it through DOM, web‑data, and network restrictions, and how Cross‑Origin Resource Sharing (CORS) and preflight requests enable controlled cross‑origin communication while maintaining security.
This article explains the fundamentals of the browser Same‑Origin Policy, the security risks it mitigates, and how Cross‑Origin Resource Sharing (CORS) with simple and preflight requests enables controlled cross‑domain communication while protecting user data.
This article explains the browser's Same-Origin Policy, its impact on DOM, data, and network access, and how Cross-Origin Resource Sharing (CORS) and preflight requests enable controlled cross-origin communication while preserving security.
The article explains how third‑party cookies enable cross‑site tracking, why browsers are deprecating them, introduces the SameParty attribute as a partial mitigation, and details Chrome's CHIPS proposal with partitioned cookies that isolate cookie storage per top‑level site to protect user privacy.
This article explains the Spectre hardware side‑channel vulnerability, its exploitation via speculative execution and cache timing, demonstrates simple JavaScript attacks, and reviews various browser mitigation strategies such as cache‑control headers, disabling high‑resolution timers, COOP, COEP, and CORB to reduce attack surface.
This article explains the Spectre hardware vulnerability, how it leverages speculative execution and side‑channel attacks to read arbitrary memory, and reviews the browser‑level defenses such as cache policies, timer reduction, rel="noopener", COOP, COEP and CORB that aim to mitigate its impact.
This article explains the purpose, possible values, and security impact of the Sec-Fetch request headers introduced by the Fetch Metadata specification, showing how browsers automatically add them, how servers can use them to filter illegal requests, and providing practical policy examples and code snippets.
This article explores how HTTPS certificates are validated, why revocation mechanisms like CRL and OCSP often fall short, compares browser implementations, and discusses practical mitigation techniques such as OCSP stapling and Must‑Staple to improve TLS security.
This article uses a playful conversation between browsers and a reporter to explain how HTTPS secures web traffic by employing RSA public‑key encryption, digital signatures, certificate authorities, and the challenges of performance and man‑in‑the‑middle attacks, ultimately showing why modern browsers adopted HTTPS by default.