- Open Web Application Security Project (OWASP)
- OWASP: Top Ten Critical Security Risks 2013
- Secure SSL Configuration for nginx, Apache, etc.
- helmet: Security related middlewares for Express
- OWASP: XSS Prevention Cheat Sheet
- DOMPurify
- HTML Purifier
- OWASP AntiSamy
- IE8 Security Part IV: The XSS Filter
- IE Internals: Controlling the XSS Filter
- Mike West – Browser-side security: Mitigate the risk of XSS
- W3C Specification 1.0 (Draft for CSP 1.1)
- HTML5 Rocks: An Introduction to Content Security Policy
- Twitter Blog: CSP to the Rescue: Leveraging the Browser for Security
- Mathias Bynens: Processing Content Security Policy violation reports
- CSP Is Awesome: Generate a Content-Security-Policy header
- CSP Tester (Chrome Extension)