Security is a big topic; here are a few things to get you started.
Encrypting Data in Transit
Some people mistakenly believe that the only sites that need HTTPS are sites that handle some level of sensitive communication, like personal or financial data. But this isn't true. Every site should be using HTTPS. HTTPS helps prevent people from listening in on what's crossing the wire, and helps prevent it from being tampered with while in transit. Do you want your ISP or school to know every site you were looking at?
And if privacy and security weren't enough of a reason to protect your users, many new browser features like service workers, the Payment Request API, and even some older APIs like GeoLocation now require HTTPS.
Content Security Policy
Content Security Policy or CSP provides a rich set of directives that
enable granular control over the resources a page is allowed to load and
where they're loaded from.
Prevent Mixed Content
One of the more time-consuming tasks in implementing HTTPS is finding and
fixing content that mixes both HTTPS and HTTP. Fortunately, there are tools
to help you with this.