Single Page Applications and static websites also deserve some security

Update: HTTP security headers are now only available for apps that run one of the Sqreen agents.

Few years back, a major shift happened in the way we develop on the Web: we no longer develop only websites, we develop web applications.

Thanks to modern frameworks like AngularJS, ReactJS, and VueJS, web developers are empowered to build rich and interactive applications that provide user experiences similar to what only native apps were able to provide.

With great power comes great responsibility, and this brand new app category is of course as exposed to security threats as any other. Thankfully, web browsers provide powerful security tools that developers can use to help lock down their applications.

Sqreen’s mission is to make security accessible to all web developers. Today, we’re proud to introduce a brand new application protection category, enabling you to protect your Single Page Applications (SPA) and static websites in 4 simple steps.

Sqreen Dashboard for SPA / Static websites
Sqreen Dashboard for SPA / Static websites

Sqreen will help you protect your client applications against cross-site scripting (XSS) (thanks to X-XSS-Protection header and Content Security Policy), Clickjacking (with the X-Frame-Options header), Referer leaking (with the X-Referrer-Policy header), and arbitrary content upload (with the X-Content-Type-Options header). We’ll also guide you in deploying these headers with hosting solutions like Netlify and also Apache and Nginx.

One may say: “my framework is already providing me such level of security, why should I use Sqreen on top of it?”. You’re totally right, some frameworks like Ruby on Rails do.

Sqreen enables you to go further by letting you delegate the management to the most relevant teams within your organization (most likely your security or DevOps team).

On top of that, our CSP monitoring mode streamlines the content security policy crafting process by recording and filtering the most important domains you should include in your policy, in a continuous and real-time way.

This release is only a first step for us to provide great and easy to set up protection for applications living in browsers. We are super excited about all this and hope you are too. We would love to hear back your thoughts and how Sqreen could help you protect your applications further.