A security standard that helps prevent cross-site scripting (XSS) attacks by allowing website owners to control which resources can be loaded and executed on their pages.

A cryptographic protocol that provides secure communication over a computer network, commonly used to secure HTTPS connections.

A security feature that allows web pages to make requests to a different domain than the one serving the web page, while maintaining security.

A web security policy mechanism that helps protect websites against protocol downgrade attacks and cookie hijacking by forcing HTTPS connections.

A type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.

An attack that tricks a user into performing unwanted actions on a web application in which they're currently authenticated.

An email authentication method that helps prevent email spoofing by specifying which mail servers are authorized to send emails for a domain.

An email authentication method that uses digital signatures to verify that an email message was sent by an authorized sender.

An email authentication protocol that builds on SPF and DKIM to provide domain-level protection against email spoofing.

A malicious technique where an attacker tricks a user into clicking on something different from what the user perceives, potentially revealing confidential information.

A security issue where a web page served over HTTPS contains resources (images, scripts, stylesheets) loaded over HTTP, which can compromise security.

A vulnerability where an attacker can take control of a subdomain by exploiting misconfigured DNS records or abandoned services.