5. Protects the integrity of your
website
HTTPS
HTTPS helps prevent intruders from
tampering with the communications
between your websites and your users'
browsers.
Protects the privacy & security
of your users
HTTPS prevents intruders from being
able to passively listen to
communications between your
websites and your users.
The future of the web
HTTPS is a key component to the
permission workflows for new features
and updated APIs.
GDG Cebu
6. Protects the privacy & security
of your users
HTTPS prevents intruders from being
able to passively listen to
communications between your
websites and your users.
Protects the integrity of your
website
HTTPS
HTTPS helps prevent intruders from
tampering with the communications
between your websites and your users'
browsers.
Protects the privacy & security
of your users
HTTPS prevents intruders from being
able to passively listen to
communications between your
websites and your users.
The future of the web
HTTPS is a key component to the
permission workflows for new features
and updated APIs.
GDG Cebu
Protects the integrity of your
website
HTTPS helps prevent intruders from
tampering with the communications
between your websites and your users'
browsers.
7. Protects the integrity of your
website
HTTPS
HTTPS helps prevent intruders from
tampering with the communications
between your websites and your users'
browsers.
Protects the privacy & security
of your users
HTTPS prevents intruders from being
able to passively listen to
communications between your
websites and your users.
The future of the web
HTTPS is a key component to the
permission workflows for new features
and updated APIs.
GDG Cebu
Protects the privacy & security
of your users
HTTPS prevents intruders from being
able to passively listen to
communications between your
websites and your users.
The future of the web
HTTPS is a key component to the
permission workflows for new features
and updated APIs.
31. Same-origin Policy
Origin A Origin B
Explanation of whether Origin A
and B are "same-origin" or
"cross-origin"
https://www.example.com:443
https://www.evil.com:443 cross-origin: different domains
https://example.com:443 cross-origin: different subdomains
https://login.example.com:443 cross-origin: different subdomains
http://www.example.com:443 cross-origin: different schemes
https://www.example.com:80 cross-origin: different ports
https://www.example.com:443 same-origin: exact match
https://www.example.com same-origin: implicit port number (443)
matches
GDG Cebu
34. Enabling cross-origin isolation
1. Set `Cross-Origin-Opener-Policy: same-origin` for the main
document.
2. Make sure cross-origin resources use `CORP: cross-origin` or CORS.
3. Set `Cross-Origin-Embedder-Policy: require-corp` for the main
document.
GDG Cebu