Browsers Are Magical Creatures
Web browsers are magical creatures that include A LOT of features. Buried within this multitude, you’ll find a number of security tools waiting for you, kinda like the chatty stranger in the bar, trying to flog off their wares. Although unlike that stranger, the browser lets you use them all for free, and you can use as many as you want!
You might have heard of Content Security Policies (CSP), and HTTP Strict Transport Security (HSTS), and Same-Site Cookies, or seen headers like X-Content-Type-Options and X-Frame-Options in your web server configuration. What about the confusingly named CORP, COOP, CORS and COEP, or Trusted Types, and a Permissions-Policy?
The point is, like secrets in a cave, there are a lot of security tools hidden in your browser. You won’t want or need all of them on every site, but if you’re aware of what's available, you’ll know what you can and should enable, to add that extra layer of security to your sites. I’m just not sure they’ll help you slay that dragon though...
Stephen Rees-Carter
Stephen is a security consultant and crusted-on PHP developer who spends his days doing Laravel Security Audits and Penetration Tests. When he’s not trying to hack his client’s websites, he teaches Laravel and PHP developers how to think like a hacker through his Securing Laravel mailing list and Practical Laravel Security course. His conference talks have been described as "terrifying magic tricks", that show just how easy it is to hack into a vulnerable site and cause mayhem.