Loading
Content Security Policy (CSP) is hTTP headers that tell browsers which resources your page is allowed to load. It prevents XSS attacks by blocking unauthorized scripts from running. If a script isn't on your approved list, the browser won't execute it, even if an attacker injected it.
HTTP headers that tell browsers which resources your page is allowed to load. It prevents XSS attacks by blocking unauthorized scripts from running. If a script isn't on your approved list, the browser won't execute it, even if an attacker injected it.
Scrambling data so only authorized parties can read it. Without the decryption key, the data looks like random gibberish. It protects everything from your WhatsApp messages to your credit card numbers during online purchases.
Encryption where only the sender and receiver can read the messages. Not even the service provider can decrypt them. WhatsApp and Signal use E2EE, meaning even if their servers get hacked, your messages stay private.
A security model that assumes nothing and nobody should be trusted by default, even inside your own network. Every request gets verified regardless of where it comes from. The old approach of "trust everything inside the firewall" doesn't work anymore.
A security system that monitors and controls network traffic based on rules you set. It's the bouncer at the door, deciding which connections get in and which get blocked. Can be hardware, software, or cloud-based.
A firewall specifically designed to protect web applications. It sits between users and your app, filtering out malicious requests like SQL injection attempts and XSS attacks. Cloudflare and AWS WAF are common choices.