Jump Start Web Performance by Craig Buckler

Author:Craig Buckler [Craig Buckler]
Language: eng
Format: epub
Publisher: SitePoint
Published: 2020-02-10T16:00:00+00:00

are delivered over HTTPS to eliminate man-in-the-middle attacks

use <script crossorigin="anonymous"> to ensure there’s no exchange of user credentials via cookies or other technologies

set a <script> integrity attribute with a file hash to reject any script that’s been changed by the provider (refer to Subresource Integrity on MDN)

Ideally, move the script to your domain or remove it entirely.

Third-party Script Used to Target Site

British Airways was fined US$232 million in 2018 when 500,000 customers had their names, email addresses, and full credit card information stolen during website transactions. The attack originated from a third-party script that was modified to target BA, possibly without the knowledge or consent of its supplier.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.