Security Best Practices

Improve code health of your web page following these best practices.


All websites should be protected with HTTPS, even ones that don’t handle sensitive data. HTTPS prevents intruders from tampering with or passively listening in on the communications between your site and your users.

When you link to a page on another site using the target="_blank" attribute, you can expose your site to performance and security issues:

Adding rel="noopener" or rel="noreferrer" to your target="_blank" links avoids these issues.

All external links will have target="_blank" and rel=โ€œnoopener nofollowโ€ attribute.

Internal link:

Checks your JavaScript libraries for security vulnerabilities

Intruders have automated web crawlers that can scan your site for known security vulnerabilities. When the web crawler detects a vulnerability, it alerts the intruder. From there, the intruder just needs to figure out how to exploit the vulnerability on your site.

To detect vulnerable libraries check snyk’s Vulnerability DB.

Configure Content Security Policy (CSP)

A Content Security Policy (CSP) helps to ensure any content loaded in the page is trusted by the site owner. CSPs mitigate cross-site scripting (XSS) attacks because they can block unsafe scripts injected by attackers. However, the CSP can easily be bypassed if it is not strict enough.