Security and Privacy
Security and Privacy Patterns
Frontends handle sensitive data, tokens, and business logic. These patterns layer defensive controls that keep attackers out while preserving trusted user experiences.
Icon for Security and Privacy
Patterns
Security and Privacy
Security and Privacy Guides
Framework-level thinking before you pick a pattern.
Security and Privacy Patterns
Specific, reusable techniques you can drop into production.
- Pattern NEW
Content Security Policy (CSP)
Define allowed sources for scripts, styles, and resources through HTTP headers to prevent XSS and injection attacks.
View pattern - Pattern NEW
CSRF Protection
Implement anti-CSRF tokens or SameSite cookies to prevent cross-site request forgery attacks.
View pattern - Pattern NEW
Input Sanitization
Clean and validate user-provided data before rendering or processing to prevent injection attacks.
View pattern - Pattern NEW
Output Encoding
Escape data properly when rendering to prevent XSS by ensuring user input is treated as data, not executable code.
View pattern - Pattern NEW
PII Redaction
Remove or mask personally identifiable information systematically from logs, analytics, and error reports.
View pattern - Pattern NEW
SameSite Cookie
Configure cookie SameSite attributes to control cross-site cookie behavior and prevent CSRF attacks.
View pattern - Pattern NEW
Secure Token Storage
Store authentication tokens safely using httpOnly cookies, secure flags, or encrypted storage to prevent token theft.
View pattern - Pattern NEW
Subresource Integrity
Use integrity hashes on external scripts and stylesheets to ensure resources haven't been tampered with.
View pattern - Pattern NEW
Trusted Types
Use browser APIs to enforce type checking on dangerous sinks like innerHTML to eliminate DOM-based XSS vulnerabilities.
View pattern
Stay Updated
Get New Patterns
in Your Inbox
Join thousands of developers receiving weekly insights on frontend architecture patterns