Web Security: The Modern Browser Model - Learning Roadmap | Nemorize
Learning Topics
This roadmap covers the following topics:
✅ Browser Security Foundations
- ✅ Same-Origin Policy Deep Dive
- ⚪ Origin Definition and Matching
- ✅ Cross-Origin Read Blocking
- ⚪ SOP Exceptions and Pitfalls
- ✅ HTTPS and Transport Security
- ⚪ HTTPS Misconceptions
- ⚪ HSTS and Certificate Pinning
- ⚪ Mixed Content Vulnerabilities
✅ Cross-Origin Resource Sharing (CORS)
- ✅ CORS Protocol Mechanics
- ✅ Simple vs Preflighted Requests
- ✅ CORS Credentials and Cookies
- ⚪ CORS Security Anti-patterns
- ✅ Resource Isolation Policies
- ✅ Cross-Origin Resource Policy
- ✅ Cross-Origin Embedder Policy
- ✅ Spectre Mitigation Context
- ⚪ SharedArrayBuffer Security Model
✅ Content Security Policy (CSP)
- ✅ CSP Directive Architecture
- ✅ CSP Levels and Evolution
- ⚪ Strict CSP Implementation
- ✅ CSP Reporting and Monitoring
- ✅ Trusted Types for DOM XSS
- ⚪ Trusted Types API Fundamentals
- ⚪ DOM XSS Attack Vectors
- ⚪ Migration to Trusted Types
✅ Cookie Security and Partitioning
- ✅ SameSite Cookie Attribute
- ⚪ CSRF Protection with SameSite
- ⚪ SameSite Default Behavior
- ⚪ Top-Level Navigation Exceptions
- ✅ Cookie Prefixes and Partitioning
✅ Permissions and Feature Policy
- ✅ Permissions-Policy Directives
- ⚪ Feature Policy Allowlists
- ⚪ Iframe Feature Delegation
- ⚪ Permission Policy Use Cases