
Browser Security Features You Should Know

Understand built-in browser security features including sandboxing, HTTPS indicators, and permission controls.

Browser Security Features

Modern browsers include sophisticated security features that protect users from malicious websites, phishing, and data theft. Understanding these features helps both users and developers.

HTTPS and Certificate Indicators

Browsers prominently indicate whether a connection is encrypted. The padlock icon means the connection uses TLS encryption — data between you and the server is encrypted in transit. It does NOT mean the website is trustworthy or legitimate. Phishing sites can (and do) use HTTPS. Extended Validation (EV) certificates used to show the company name in green, but most browsers have removed this distinction.

Site Isolation and Sandboxing

Each tab runs in a separate process, preventing a malicious page from accessing data from other tabs. JavaScript cannot read cookies or storage from different origins (Same-Origin Policy). This is why cross-site scripting (XSS) is dangerous — it executes malicious code within the trusted origin, bypassing these protections.

Permission Controls

Browsers gate access to sensitive APIs behind user permissions: camera, microphone, location, notifications, clipboard, and screen sharing. Each permission is granted per-origin and can be revoked at any time. Best practice for developers: request permissions only when needed (not on page load), explain why you need them before the browser prompt appears, and gracefully handle denial.

Safe Browsing

Google Safe Browsing (used by Chrome, Firefox, and Safari) maintains a real-time database of malicious URLs. When you navigate to a flagged URL, the browser shows a warning. This catches most known phishing and malware sites, but zero-day threats may not be flagged. The database is queried in a privacy-preserving way — your full browsing history is not sent to Google.

Password Manager Integration

Built-in password managers generate and store unique passwords for each site. They auto-fill on the correct origin only, providing phishing protection — a password for bank.com won't be offered on bank-login.com. If the password manager doesn't offer to fill a form, check the domain carefully for phishing.
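A simplified model of the origin check described above, as an added example that is not taken from any browser's or password manager's code. The function names and the `.example` hosts are constructed for illustration; it contrasts a weak substring comparison with a comparison of the parsed origin.

```javascript
// Weak form: substring match on the raw URL text.
// Lookalike URLs that merely contain the saved host name pass this check.
function naiveMatch(savedHost, pageUrl) {
  return pageUrl.includes(savedHost);
}

// Origin-bound form: parse the URL, then compare scheme + host + port exactly.
function originMatch(savedOrigin, pageUrl) {
  let page;
  try {
    page = new URL(pageUrl);
  } catch {
    return false; // unparseable URL: never offer a credential
  }
  return page.origin === new URL(savedOrigin).origin;
}

// Constructed sample data (not real observations).
const SAVED_ORIGIN = "https://bank.com";
const SAMPLE_URLS = [
  "https://bank.com/login",              // the real site
  "https://BANK.com:443/login",          // same origin after normalisation
  "https://bank-login.com/",             // lookalike domain from the text
  "https://bank.com.evil.example/login", // saved host used as a subdomain label
  "https://bank.com@evil.example/login", // saved host placed in the userinfo part
  "https://evil.example/?next=bank.com", // saved host only in the query string
  "http://bank.com/login",               // same host, different scheme
];

// Returns one row per URL showing which check would offer the credential.
function audit(urls) {
  return urls.map((url) => ({
    url,
    naive: naiveMatch("bank.com", url),
    origin: originMatch(SAVED_ORIGIN, url),
  }));
}

// Print the comparison only when run directly under Node.
if (typeof require !== "undefined" && require.main === module) {
  console.table(audit(SAMPLE_URLS));
}
```

Real password managers layer more on top of this model, such as registrable-domain matching; the point here is only that the decision is made on the parsed origin, not on how the URL looks.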
