csp
Safeguard articles tagged "csp" — guides, analysis, and best practices for software supply chain and application security.
9 articles
Nuxt 3 Security Hardening: CSP, SSR Leakage, and Safe Server Routes
Nuxt 3's server runs as one long-lived Node process — a single misplaced ref() can leak one user's data into another user's response.
Clickjacking: A Prevention Guide
Clickjacking tricks a user into clicking something different from what they see by layering an invisible frame over a decoy page. Here is how to block it.
Content Security Policy (CSP) Explained (2026)
A Content Security Policy is your last line of defense against XSS. Here is how CSP works, why nonce-based strict policies beat allowlists, and how to deploy one without breaking your app.
HTTP Security Headers Explained (2026)
HTTP security headers are the cheapest defense-in-depth you can ship. Here is what each one does, the values to set in 2026, and how to verify they are actually present.
Angular Security Best Practices: Trusting the Sanitizer, Not Bypassing It
Angular sanitizes bindings by default — until a developer calls bypassSecurityTrustHtml. Here is how Angular's security model works and where teams break it.
React Security Best Practices: A Practical Checklist for 2026
React escapes JSX text for you, but XSS sinks, secrets in the client bundle, token storage, and a 500-package npm worm are still yours to handle.
Clickjacking vulnerabilities explained
A clickjacking vulnerability hides real buttons under a decoy iframe to hijack clicks. Here's how the attack works, real incidents, and fixes.
CSP Bypass Techniques and Prevention: Beyond the Basics
Content Security Policy is the strongest browser-side defense against XSS. But most CSP deployments are bypassable. Here is why, and how to fix it.
Security Headers Implementation Checklist: Hardening Your Web Application
HTTP security headers are your first line of defense against XSS, clickjacking, and data injection attacks. Here is a practical implementation checklist with correct configurations.