Open Web Docs

We've written a new guide on Session Management!

Once you authenticated your users, you will need to manage their sessions.

This guide walks you through two different architectures for session management (cookies and JWTs) and describes common session attacks to watch out for.

For now, this […]

We've written a new guide on Session Management!

Once you authenticated your users, you will need to manage their sessions.

This guide walks you through two different architectures for session management (cookies and JWTs) and describes common session attacks to watch out for.

For now, this […]

Can I WebView… Documentation for WebView capatibilities, limitations and features

Hey @niklasmerz, thank you so much for your kind donation to Open Web Docs! 💜

It's always a pleasure talking to you about WebViews and figuring out compat data for https://caniwebview.com/

Everyone, join the W3C WebView CG to be part of WebView conversations: https://www.w3.org/groups/cg/webview/

Open Web Docs Impact and Transparency Report 2025 Open Web Docs supports web platform documentation for the benefit of web developers & designers worldwide. We are a community of web developers, standards makers, and technology companies that rely on this documentation as critical digital infrastructure, and we work cooperatively to ensure its long-term success and maintenance.

Open Web Docs 2025 Report

We're reflecting on our fifth year of ensuring the long-term health of web platform documentation.

Happy 5-year anniversary to us! 🍰
Thanks to the many individuals and organizations for your support on our journey! 💜

https://openwebdocs.org/content/reports/2025/

Do you delegate web security to security specialists or are you responsible yourself for implementing web security features and practices?

The W3C SWAG CG survey asks this and other questions and we would value your input as we create Web Security documentation […]

We've written a new guide on Passkeys!

Passkeys address many of the most serious weaknesses of other authentication methods.

In this guide we will:
- Introduce you to the WebAuthn API
- Go through registration and sign-in flows
- Give an overview of the security properties of passkeys
- […]

Can I WebView… Documentation for WebView capatibilities, limitations and features

Learning about WebViews at the #FOSDEM Browsers & Web Platform dev room, including the https://caniwebview.com site that (much like CanIUse) tells developers which features are available in which webviews – using BCD data maintained by OpenWebDocs (which was presented earlier by @patrickbrosset).

We've written a new guide on Passkeys!

Passkeys address many of the most serious weaknesses of other authentication methods.

In this guide we will:
- Introduce you to the WebAuthn API
- Go through registration and sign-in flows
- Give an overview of the security properties of passkeys
- […]

RE: https://mas.to/@patrickbrosset/115695467325719901

In 2025, we systematically collected compat data for 28 browser releases:

Firefox 135 - 147
Chrome 133 - 144
Safari 18.4, 26, 26.2

We're keeping your compat tables up-to-date.

React2Shell reflects a prototype pollution bug.

We recently wrote about how defend against prototype pollution attacks:

https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/Prototype_pollution

We've written a new guide on one-time password (OTP) authentication.

The article discusses three common implementations for one-time passwords:
E-mail, SMS, and time-based one-time passwords (TOTP).

We recommend TOTP in this comparison. Learn why […]

Hanging out with the awesome, hand chiseled, @openwebdocs crew @estelle, @floscholz and Will Bamberg at @w3c #TPAC in Kobe!

We're creating a new series of articles about Authentication.

Our first new guide is about classic passwords -- the original method to authenticate and still the most common on the web. A refresher about password attacks, defenses and best practices […]

We've written a new guide on JavaScript Prototype Pollution and how to defend against it:

https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/Prototype_pollution

Many thanks to @joshcena, Aaron Shim, and Maurice Dauer for your help and feedback.

We've written a new guide on JavaScript Prototype Pollution and how to defend against it:

https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/Prototype_pollution

Many thanks to @joshcena, Aaron Shim, and Maurice Dauer for your help and feedback.

We've written a new guide on Supply Chain Attacks:

https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/Supply_chain_attacks

Many thanks to the W3C SWAG CG and @ljharb for the reviews and feedback! #websecurity

We've written a new guide on Supply Chain Attacks:

https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/Supply_chain_attacks

Many thanks to the W3C SWAG CG and @ljharb for the reviews and feedback! #websecurity

We're happy to share that @sovtechfund invests in Web Security and Privacy Documentation!

Over the coming year, Open Web Docs will be working on creating and updating Security and Privacy documentation for web developers on @mdn.

Full announcement […]

We're happy to share that @sovtechfund invests in Web Security and Privacy Documentation!

Over the coming year, Open Web Docs will be working on creating and updating Security and Privacy documentation for web developers on @mdn.

Full announcement […]

Frederik Braun � (@freddy@security.plumbing) 3.51K Posts, 566 Following, 1.34K Followers · 👨‍👩‍👧‍👦 Dad // 👨‍💻🛡️🦊 Security Engineer & Manager for Mozilla Firefox // ⛺🚴 Cyclist // 👨‍🎓👨‍🏫 co-founded CTF team fluxfingers in '07. // opinions are my own and I do not speak for my employer.

We've written a new guide on XS-Leaks:

https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/XS-Leaks

Many thanks to @freddy, Hamish Willee, @MartinaKraus11, and @terjanq for your reviews and collaboration. #websecurity

Frederik Braun � (@freddy@security.plumbing) 3.51K Posts, 566 Following, 1.34K Followers · 👨‍👩‍👧‍👦 Dad // 👨‍💻🛡️🦊 Security Engineer & Manager for Mozilla Firefox // ⛺🚴 Cyclist // 👨‍🎓👨‍🏫 co-founded CTF team fluxfingers in '07. // opinions are my own and I do not speak for my employer.

We've written a new guide on XS-Leaks:

https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/XS-Leaks

Many thanks to @freddy, Hamish Willee, @MartinaKraus11, and @terjanq for your reviews and collaboration. #websecurity

Launching the W3C Docs Community Group Open Web Docs supports web platform documentation for the benefit of web developers & designers worldwide. We are a community of web developers, standards makers, and technology companies that rely on this documentation as critical digital infrastructure, and we work cooperatively to ensure its long-term success and maintenance.

Launching the W3C Docs Community Group

https://openwebdocs.org/content/posts/w3c-docs-cg/

Barry Pollard (@tunetheweb@webperf.social) 637 Posts, 226 Following, 770 Followers · Web Performance Developer Advocate for Google Chrome helping to make the web go faster! All opinions my own.

Reducing the transport size of HTTP responses with a compression dictionary.

New MDN article written by @tunetheweb and reviewed by Will Bamberg.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Compression_dictionary_transport

W3C Docs CG

As presented at the W3C Breakouts Day last week, we're considering launching a W3C Documentation Community Group. A place for technical writers, specification authors, and web developers to meet and discuss docs with the goal of providing a better understanding of web technologies […]

Igalia (@igalia@floss.social) 597 Posts, 48 Following, 1.81K Followers · Igalia is an open source consultancy specialized in the development of innovative projects and solutions with desktop, mobile, and web technologies.

Thank you @igalia for renewing your Open Web Docs membership and sponsoring us again in 2025! 💜

Igalia has been sponsoring OWD for the 5th time already! Sustainable funding allows us to maintain documentation in the long-term.

Frederik Braun � (@freddy@security.plumbing) 3.34K Posts, 562 Following, 1.31K Followers · 👨‍👩‍👧‍👦 Dad // 👨‍💻🛡️🦊 Security Engineer & Manager for Mozilla Firefox // ⛺🚴 Cyclist // 👨‍🎓👨‍🏫 co-founded CTF team fluxfingers in '07. // opinions are my own and I do not speak for my employer.

We're continuing our journey through attacks and defenses on the web platform.

We've now written new documentation about Cross-Site Request Forgery (CSRF) attacks:

https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/CSRF

Thank you @freddy for the reviews!

Andreu Botella :verified_enby: (@andreu@andreubotella.com) 189 Posts, 46 Following, 130 Followers · Browser engineer at @igalia@floss.social, currently working on layout on Chromium (Google Chrome), as well as on interoperability between browsers and server-side JS runtimes as a co-chair of WinterTC. I'm also: - A math/physics/linguistics geek. - Linux guy. - Atheist / secular humanist. - G(r)ay asexual, as well as aromantic. - Non-binary.

Thank you for becoming a monthly OWD supporter on our Open Collective, @andreu 💜

https://opencollective.com/open-web-docs

Tomorrow is W3C Breakouts Day! You can join online!

We're leading a session to talk about documentation for web technologies and whether we need a more regular place to discuss in form of a W3C Docs Community Group.

Session link […]

Bloomberg Backs Open Web Docs to Support High-Quality Web Platform Documentation for All

https://www.bloomberg.com/company/stories/bloomberg-backs-open-web-docs/

We're happy to announce that Bloomberg joins Open Web Docs!

“By supporting OWD, Bloomberg is investing in the long-term sustainability of the open web. We’re ensuring that developers have the tools they need to build, create, and maintain a healthy and accessible web for everyone.” says Alyssa […]