| groups.google.com
The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be upgraded to HTTPS.| MDN Web Docs
The deprecated HTTP Content-Security-Policy (CSP) report-uri directive instructs the user agent to report attempts to violate the Content Security Policy. These violation reports consist of JSON documents sent via an HTTP POST request to the specified URI.| MDN Web Docs
This guide covers the configuration and initialization features available to Rails applications.After reading this guide, you will know: How to adjust the behavior of your Rails applications. How to add additional code to be run at application start time.| Ruby on Rails Guides
This manual describes common security problems in web applications and how to avoid them with Rails.After reading this guide, you will know: All countermeasures that are highlighted. The concept of sessions in Rails, what to put in there and popular attack methods. How just visiting a site can be a security problem (with CSRF). What you have to pay attention to when working with files or providing an administration interface. How to manage users: Logging in and out and attack methods on all l...| Ruby on Rails Guides
Provides technical information about HTTP security headers.| owasp.org
The HTTP Referrer-Policy response header controls how much referrer information (sent with the Referer header) should be included with requests. Aside from the HTTP header, you can set this policy in HTML.| MDN Web Docs
The HTTP Content-Security-Policy response header allows website administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against cross-site scripting attacks.| MDN Web Docs
Adds methods to set and authenticate against a BCrypt password. This mechanism requires you to have a XXX_digest attribute, where XXX is the attribute name of your desired password.| edgeapi.rubyonrails.org
The HTTP X-Frame-Options response header can be used to indicate whether a browser should be allowed to render a page in a ,| MDN Web Docs
Website with the collection of all the cheat sheets of the project.| cheatsheetseries.owasp.org