Enlisting the browser's help in policy enforcement


These documents describe the response headers a server sends to the browser to establish enforceable policies. The browser uses these policies to prevent bad actors from misusing a website's resources and to send reports of troublesome events back to the server.

Content Security Policy

Enlist the browser's help in security enforcement

Let your browser know your intentions. Enlist its help in enforcing your safe coding practices. Use the content-security-policy header to fine-tune where your document gets its resources.
content security policy, browser enforcement

Feature Policy

Stop accidental and nefarious use of device features

Keep your browser on your side. Prevent apps from accidentally gaining access to unauthorized mobile device features. Stop bad actors from elevating privileges without your consent.
feature policy, mobile security threat, browser enforcement

Network Error Logging

It's late. Do you know what your website is up to?

Enlist the browser's support in keeping your website up and running. Get notifications when DNS, TLS or HTTP errors unexpectedly occur for your visitors.
network error logging, browser reports, DNS, TLS, HTTP

Referrer Policy

Prevent outsiders from tracking your visitors' every move

Establish a policy for the browser to follow when assembling 'referer' request headers, limiting what is revealed when requesting resources cross-domain or when the protocol changes between the page and the requested resource.
referrer policy, response header, referer header

Report To

Tell the browser where to send policy reports

A browser can send reports to you when something out of the ordinary happens while visitors access your website.
report-to, content-security-policy violations, network-error-logging, application/reports+json

Policy Reports

Process and log incoming policy reports

How to designate your server as a policy report handler for incoming security and error reports.
policy-reports, report-to, content-security-policy, network-error-logging
