Skip to content
Learn Measure Blog Case studies About
On this page
  • Encrypting Data in Transit
  • Content Security Policy
  • Prevent Mixed Content
  • Related Resources
    • Chrome DevTools
  • Feedback

Security and Identity

Sep 8, 2015 — Updated Aug 18, 2019
On this page
  • Encrypting Data in Transit
  • Content Security Policy
  • Prevent Mixed Content
  • Related Resources
    • Chrome DevTools
  • Feedback

Security is a big topic, here are a few things to get you started.

Encrypting Data in Transit #

https

One of the most critical security features, and one that is required for many modern APIs and progressive web apps is HTTPS, sometimes referred to as secure HTTP.

Some people mistakenly believe that the only sites that need HTTPS are sites that handle some level of sensitive communication, like personal or financial data. But this isn't true. Every site should be using HTTPS. HTTPS helps to prevent people from listening in on what's crossing the wire, and helps prevent it from being tampered with while in transit. Do you want your ISP or school to know every site you were looking at?

And if privacy and security weren't enough of a reason to protect your users, many new browser features like service workers, the Payment Request API, and even some older APIs like GeoLocation now require HTTPS.

Enabling HTTPS on Your Servers

Content Security Policy #

Content Security Policy or CSP provides a rich set of directives that enable granular control over the resources a page is allowed to load and where they're loaded from. Learn More

Prevent Mixed Content #

One of the more time-consuming tasks in implementing HTTPS is finding and fixing content that mixes both HTTPS and HTTP. Fortunately, there are tools to help you with this. Get Started

Related Resources #

  • Learn Web Security with Google
  • Getting the Green Lock: HTTPS Stories from the Field

Chrome DevTools #

  • Understand Security Issues

Feedback #

Last updated: Aug 18, 2019 — Improve article
Share
subscribe

Contribute

  • File a bug
  • View source

Related content

  • developer.chrome.com
  • Chrome updates
  • Web Fundamentals
  • Case studies
  • Podcasts
  • Shows

Connect

  • Twitter
  • YouTube
  • Google Developers
  • Chrome
  • Firebase
  • Google Cloud Platform
  • All products
  • Terms & Privacy
  • Community Guidelines

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies.