Tag Archives: Web

Website Security: ClickJacking Defenses

This is a reference to a post on MSDN. It discusses a frame-busting technique to defend websites against click-jacking.

IE8 Security Part VII: ClickJacking Defenses

Web developers can send an HTTP response header named X-FRAME-OPTIONS with HTML pages to restrict how the page may be framed. If the X-FRAME-OPTIONS value contains the token DENY, IE8 will […]

Content Security Policy and XSS defense

W3C introduced a standard to help protect websites against XSS by adding the following meta tag to the website response generated by a server:

References:
W3C Standard
Content Security Policy 1.0 is officially awesome
An Introduction to Content Security Policy