Defenses pages

files/en-us/_redirects.txt

@@ -4685,7 +4685,7 @@
 /en-US/docs/JavaScript/Reference/arrow_functions	/en-US/docs/Web/JavaScript/Reference/Functions/Arrow_functions
 /en-US/docs/JavaScript/Reference/default_parameters	/en-US/docs/Web/JavaScript/Reference/Functions/Default_parameters
 /en-US/docs/JavaScript/Reference/rest_parameters	/en-US/docs/Web/JavaScript/Reference/Functions/rest_parameters
-/en-US/docs/JavaScript/Same_origin_policy_for_JavaScript	/en-US/docs/Web/Security/Same-origin_policy
+/en-US/docs/JavaScript/Same_origin_policy_for_JavaScript	/en-US/docs/Web/Security/Defenses/Same-origin_policy
 /en-US/docs/JavaScript/Shells	/en-US/docs/Web/JavaScript/Reference/JavaScript_technologies_overview
 /en-US/docs/JavaScript/Strict_mode	/en-US/docs/Web/JavaScript/Reference/Strict_mode
 /en-US/docs/JavaScript/Typed_arrays	/en-US/docs/Web/JavaScript/Guide/Typed_arrays
@@ -7257,7 +7257,7 @@
 /en-US/docs/SVG_Tutorial	/en-US/docs/Web/SVG/Tutorials/SVG_from_scratch
 /en-US/docs/SVG_animation_(SMIL)_in_Firefox	/en-US/docs/Web/SVG/Guides/SVG_animation_with_SMIL
 /en-US/docs/SVG_improvements_in_Firefox_3	/en-US/docs/Mozilla/Firefox/Releases/3/SVG_improvements
-/en-US/docs/Same_origin_policy_for_JavaScript	/en-US/docs/Web/Security/Same-origin_policy
+/en-US/docs/Same_origin_policy_for_JavaScript	/en-US/docs/Web/Security/Defenses/Same-origin_policy
 /en-US/docs/Sample_.htaccess_file	/en-US/docs/Learn_web_development/Extensions/Server-side/Apache_Configuration_htaccess
 /en-US/docs/Scripting_plugins	/en-US/docs/Glossary/Plugin
 /en-US/docs/Security/CSP	/en-US/docs/Web/HTTP/Guides/CSP
@@ -7271,11 +7271,11 @@
 /en-US/docs/Security/HTTP_Strict_Transport_Security	/en-US/docs/Web/HTTP/Reference/Headers/Strict-Transport-Security
 /en-US/docs/Security/InsecurePasswords	/en-US/docs/Web/Security/Authentication/Passwords
 /en-US/docs/Security/Insecure_passwords	/en-US/docs/Web/Security/Authentication/Passwords
-/en-US/docs/Security/MixedContent	/en-US/docs/Web/Security/Mixed_content
-/en-US/docs/Security/MixedContent/How_to_fix_website_with_mixed_content	/en-US/docs/Web/Security/Mixed_content#developer_console
-/en-US/docs/Security/MixedContent/fix_website_with_mixed_content	/en-US/docs/Web/Security/Mixed_content#developer_console
-/en-US/docs/Security/Mixed_content	/en-US/docs/Web/Security/Mixed_content
-/en-US/docs/Security/Mixed_content/How_to_fix_website_with_mixed_content	/en-US/docs/Web/Security/Mixed_content#developer_console
+/en-US/docs/Security/MixedContent	/en-US/docs/Web/Security/Defenses/Mixed_content
+/en-US/docs/Security/MixedContent/How_to_fix_website_with_mixed_content	/en-US/docs/Web/Security/Defenses/Mixed_content#developer_console
+/en-US/docs/Security/MixedContent/fix_website_with_mixed_content	/en-US/docs/Web/Security/Defenses/Mixed_content#developer_console
+/en-US/docs/Security/Mixed_content	/en-US/docs/Web/Security/Defenses/Mixed_content
+/en-US/docs/Security/Mixed_content/How_to_fix_website_with_mixed_content	/en-US/docs/Web/Security/Defenses/Mixed_content#developer_console
 /en-US/docs/Security/Securing_your_site	/en-US/docs/Web/Security/Practical_implementation_guides
 /en-US/docs/Security/Weak_Signature_Algorithm	/en-US/docs/Glossary/Hash_function
 /en-US/docs/Security_changes_in_Firefox_3.1	/en-US/docs/Mozilla/Firefox/Releases/3.5/Security_changes
@@ -14950,7 +14950,7 @@
 /en-US/docs/Web/HTTP/Proxy_servers_and_tunneling	/en-US/docs/Web/HTTP/Guides/Proxy_servers_and_tunneling
 /en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_(PAC)_file	/en-US/docs/Web/HTTP/Guides/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file
 /en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file	/en-US/docs/Web/HTTP/Guides/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file
-/en-US/docs/Web/HTTP/Public_Key_Pinning	/en-US/docs/Web/Security/Certificate_Transparency
+/en-US/docs/Web/HTTP/Public_Key_Pinning	/en-US/docs/Web/Security/Defenses/Certificate_Transparency
 /en-US/docs/Web/HTTP/Range_requests	/en-US/docs/Web/HTTP/Guides/Range_requests
 /en-US/docs/Web/HTTP/Redirections	/en-US/docs/Web/HTTP/Guides/Redirections
 /en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/document-domain	/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy
@@ -15466,7 +15466,7 @@
 /en-US/docs/Web/JavaScript/Reference/eval	/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval
 /en-US/docs/Web/JavaScript/Reference/rest_parameters	/en-US/docs/Web/JavaScript/Reference/Functions/rest_parameters
 /en-US/docs/Web/JavaScript/Reference/template_strings	/en-US/docs/Web/JavaScript/Reference/Template_literals
-/en-US/docs/Web/JavaScript/Same_origin_policy_for_JavaScript	/en-US/docs/Web/Security/Same-origin_policy
+/en-US/docs/Web/JavaScript/Same_origin_policy_for_JavaScript	/en-US/docs/Web/Security/Defenses/Same-origin_policy
 /en-US/docs/Web/JavaScript/Shells	/en-US/docs/Web/JavaScript/Reference/JavaScript_technologies_overview
 /en-US/docs/Web/JavaScript/The_performance_hazards_of__[[Prototype]]_mutation	/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/setPrototypeOf
 /en-US/docs/Web/JavaScript/The_performance_hazards_of_prototype_mutation	/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/setPrototypeOf
@@ -16279,6 +16279,7 @@
 /en-US/docs/Web/Security/CSP/Using_CSP_reports	/en-US/docs/Web/HTTP/Guides/CSP
 /en-US/docs/Web/Security/CSP/Using_CSP_violation_reports	/en-US/docs/Web/HTTP/Guides/CSP
 /en-US/docs/Web/Security/CSP/Using_Content_Security_Policy	/en-US/docs/Web/HTTP/Guides/CSP
+/en-US/docs/Web/Security/Certificate_Transparency	/en-US/docs/Web/Security/Defenses/Certificate_Transparency
 /en-US/docs/Web/Security/Do_not_track_field_guide	/en-US/docs/Web/HTTP/Reference/Headers/DNT
 /en-US/docs/Web/Security/Do_not_track_field_guide/Additional_resources	/en-US/docs/Web/HTTP/Reference/Headers/DNT
 /en-US/docs/Web/Security/Do_not_track_field_guide/Case_studies	/en-US/docs/Web/HTTP/Reference/Headers/DNT
@@ -16304,15 +16305,22 @@
 /en-US/docs/Web/Security/Do_not_track_field_guide/Tutorials/Additional_resources	/en-US/docs/Web/HTTP/Reference/Headers/DNT
 /en-US/docs/Web/Security/HTTP_strict_transport_security	/en-US/docs/Web/HTTP/Reference/Headers/Strict-Transport-Security
 /en-US/docs/Web/Security/Insecure_passwords	/en-US/docs/Web/Security/Authentication/Passwords
-/en-US/docs/Web/Security/Mixed_content/How_to_fix_website_with_mixed_content	/en-US/docs/Web/Security/Mixed_content#developer_console
+/en-US/docs/Web/Security/Mixed_content	/en-US/docs/Web/Security/Defenses/Mixed_content
+/en-US/docs/Web/Security/Mixed_content/How_to_fix_website_with_mixed_content	/en-US/docs/Web/Security/Defenses/Mixed_content#developer_console
 /en-US/docs/Web/Security/Practical_implementation_guides/CSRF_prevention	/en-US/docs/Web/Security/Attacks/CSRF
 /en-US/docs/Web/Security/Practical_implementation_guides/Clickjacking	/en-US/docs/Web/Security/Attacks/Clickjacking
-/en-US/docs/Web/Security/Public_Key_Pinning	/en-US/docs/Web/Security/Certificate_Transparency
+/en-US/docs/Web/Security/Public_Key_Pinning	/en-US/docs/Web/Security/Defenses/Certificate_Transparency
+/en-US/docs/Web/Security/Same-origin_policy	/en-US/docs/Web/Security/Defenses/Same-origin_policy
+/en-US/docs/Web/Security/Secure_Contexts	/en-US/docs/Web/Security/Defenses/Secure_Contexts
+/en-US/docs/Web/Security/Secure_Contexts/features_restricted_to_secure_contexts	/en-US/docs/Web/Security/Defenses/Secure_Contexts/features_restricted_to_secure_contexts
 /en-US/docs/Web/Security/Securing_your_site	/en-US/docs/Web/Security/Practical_implementation_guides
 /en-US/docs/Web/Security/Securing_your_site/Configuring_server_MIME_types	/en-US/docs/Learn_web_development/Extensions/Server-side/Configuring_server_MIME_types
 /en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion	/en-US/docs/Web/Security/Practical_implementation_guides/Turning_off_form_autocompletion
 /en-US/docs/Web/Security/Subdomain_takeovers	/en-US/docs/Web/Security/Attacks/Subdomain_takeover
+/en-US/docs/Web/Security/Subresource_Integrity	/en-US/docs/Web/Security/Defenses/Subresource_Integrity
+/en-US/docs/Web/Security/Transport_Layer_Security	/en-US/docs/Web/Security/Defenses/Transport_Layer_Security
 /en-US/docs/Web/Security/Types_of_attacks	/en-US/docs/Web/Security/Attacks
+/en-US/docs/Web/Security/User_activation	/en-US/docs/Web/Security/Defenses/User_activation
 /en-US/docs/Web/Security/Weak_Signature_Algorithm	/en-US/docs/Glossary/Hash_function
 /en-US/docs/Web/Text_fragments	/en-US/docs/Web/URI/Reference/Fragment/Text_fragments
 /en-US/docs/Web/Tutorials	/en-US/docs/MDN/Tutorials

files/en-us/_wikihistory.json

@@ -124469,21 +124469,11 @@
     "modified": "2020-08-25T23:27:57.222Z",
     "contributors": ["jswisher"]
   },
-  "Web/Security/Certificate_Transparency": {
+  "Web/Security/Defenses/Certificate_Transparency": {
     "modified": "2020-11-12T17:20:50.893Z",
     "contributors": ["secdev-01", "Felicia.Ann.Kelley", "lol768"]
   },
-  "Web/Security/Firefox_Security_Guidelines": {
-    "modified": "2020-11-19T10:50:23.486Z",
-    "contributors": [
-      "chrisdavidmills",
-      "jamoozy",
-      "c2the3rd",
-      "JulianNeal",
-      "psiinon"
-    ]
-  },
-  "Web/Security/Mixed_content": {
+  "Web/Security/Defenses/Mixed_content": {
     "modified": "2020-11-23T00:24:41.415Z",
     "contributors": [
       "hamishwillee",
@@ -124531,85 +124521,7 @@
       "evilpie"
     ]
   },
-  "Web/Security/Practical_implementation": {
-    "modified": "2020-06-03T13:43:23.202Z",
-    "contributors": [
-      "jswisher",
-      "mfuji09",
-      "germain",
-      "sideshowbarker",
-      "patizenyapetshop",
-      "larsonreever",
-      "SebastienParis",
-      "tlubitz",
-      "david_ross",
-      "mbm",
-      "chrisdavidmills",
-      "JazibZaman",
-      "hashedhyphen",
-      "marumari",
-      "evilpie",
-      "Sheppy",
-      "teoli"
-    ]
-  },
-  "Web/Security/Practical_implementation/Turning_off_form_autocompletion": {
-    "modified": "2020-07-10T21:28:54.938Z",
-    "contributors": [
-      "patrickhlauke",
-      "mfuji09",
-      "mnoorenberghe",
-      "leela52452",
-      "jswisher",
-      "sruthiveeragandham",
-      "Nomeh_Uchenna_Gabriel",
-      "mfluehr",
-      "WilliamC07",
-      "hjuhlin",
-      "chrisdavidmills",
-      "LouisLazaris",
-      "devinea2",
-      "steduardo",
-      "terrylinooo",
-      "kbagot",
-      "stutrek",
-      "Didglee",
-      "rottina",
-      "Delapouite",
-      "wbamberg",
-      "John99",
-      "Manishearth",
-      "Sheppy",
-      "ConcreteGannet",
-      "teoli",
-      "contrebis",
-      "dhodder",
-      "David-Sarah Hopwood",
-      "George3",
-      "LonelyPixel",
-      "Brianegge",
-      "NickolayBot",
-      "Andreas Wuest",
-      "Brycenesbitt",
-      "Callek",
-      "VicMan",
-      "Pmsyyz",
-      "Mathieu Deaudelin"
-    ]
-  },
-  "Web/Security/Referer_header:_privacy_and_security_concerns": {
-    "modified": "2020-07-22T14:05:46.803Z",
-    "contributors": [
-      "mfuji09",
-      "bradyhanna",
-      "chrisdavidmills",
-      "..",
-      "vriojtg",
-      "cg",
-      "wbamberg"
-    ]
-  },
-  "Web/Security/Same-origin_policy": {
+  "Web/Security/Defenses/Same-origin_policy": {
     "modified": "2020-11-09T22:18:21.002Z",
     "contributors": [
       "hamishwillee",
@@ -124660,7 +124572,7 @@
       "Potappo"
     ]
   },
-  "Web/Security/Secure_Contexts": {
+  "Web/Security/Defenses/Secure_Contexts": {
     "modified": "2020-11-17T02:41:03.636Z",
     "contributors": [
       "hamishwillee",
@@ -124683,7 +124595,7 @@
       "PushpitaPikuDey"
     ]
   },
-  "Web/Security/Secure_Contexts/features_restricted_to_secure_contexts": {
+  "Web/Security/Defenses/Secure_Contexts/features_restricted_to_secure_contexts": {
     "modified": "2020-11-29T21:11:04.703Z",
     "contributors": [
       "hamishwillee",
@@ -124701,7 +124613,7 @@
       "Annevk"
     ]
   },
-  "Web/Security/Subresource_Integrity": {
+  "Web/Security/Defenses/Subresource_Integrity": {
     "modified": "2020-10-15T21:38:19.213Z",
     "contributors": [
       "freddyb",
@@ -124730,7 +124642,7 @@
       "wbamberg"
     ]
   },
-  "Web/Security/Transport_Layer_Security": {
+  "Web/Security/Defenses/Transport_Layer_Security": {
     "modified": "2020-02-22T05:07:20.975Z",
     "contributors": [
       "mfuji09",
@@ -124745,6 +124657,94 @@
       "adithya_mani"
     ]
   },
+  "Web/Security/Firefox_Security_Guidelines": {
+    "modified": "2020-11-19T10:50:23.486Z",
+    "contributors": [
+      "chrisdavidmills",
+      "jamoozy",
+      "c2the3rd",
+      "JulianNeal",
+      "psiinon"
+    ]
+  },
+  "Web/Security/Practical_implementation": {
+    "modified": "2020-06-03T13:43:23.202Z",
+    "contributors": [
+      "jswisher",
+      "mfuji09",
+      "germain",
+      "sideshowbarker",
+      "patizenyapetshop",
+      "larsonreever",
+      "SebastienParis",
+      "tlubitz",
+      "david_ross",
+      "mbm",
+      "chrisdavidmills",
+      "JazibZaman",
+      "hashedhyphen",
+      "marumari",
+      "evilpie",
+      "Sheppy",
+      "teoli"
+    ]
+  },
+  "Web/Security/Practical_implementation/Turning_off_form_autocompletion": {
+    "modified": "2020-07-10T21:28:54.938Z",
+    "contributors": [
+      "patrickhlauke",
+      "mfuji09",
+      "mnoorenberghe",
+      "leela52452",
+      "jswisher",
+      "sruthiveeragandham",
+      "Nomeh_Uchenna_Gabriel",
+      "mfluehr",
+      "WilliamC07",
+      "hjuhlin",
+      "chrisdavidmills",
+      "LouisLazaris",
+      "devinea2",
+      "steduardo",
+      "terrylinooo",
+      "kbagot",
+      "stutrek",
+      "Didglee",
+      "rottina",
+      "Delapouite",
+      "wbamberg",
+      "John99",
+      "Manishearth",
+      "Sheppy",
+      "ConcreteGannet",
+      "teoli",
+      "contrebis",
+      "dhodder",
+      "David-Sarah Hopwood",
+      "George3",
+      "LonelyPixel",
+      "Brianegge",
+      "NickolayBot",
+      "Andreas Wuest",
+      "Brycenesbitt",
+      "Callek",
+      "VicMan",
+      "Pmsyyz",
+      "Mathieu Deaudelin"
+    ]
+  },
+  "Web/Security/Referer_header:_privacy_and_security_concerns": {
+    "modified": "2020-07-22T14:05:46.803Z",
+    "contributors": [
+      "mfuji09",
+      "bradyhanna",
+      "chrisdavidmills",
+      "..",
+      "vriojtg",
+      "cg",
+      "wbamberg"
+    ]
+  },
   "Web/URI": {
     "modified": "2020-11-16T01:23:20.622Z",
     "contributors": [

files/en-us/web/security/certificate_transparency/index.md → files/en-us/web/security/defenses/certificate_transparency/index.md

@@ -1,6 +1,6 @@
 ---
 title: Certificate Transparency
-slug: Web/Security/Certificate_Transparency
+slug: Web/Security/Defenses/Certificate_Transparency
 page-type: guide
 sidebar: security
 ---

files/en-us/web/security/defenses/index.md

@@ -0,0 +1,25 @@
+---
+title: Defenses
+slug: Web/Security/Defenses
+page-type: guide
+sidebar: security
+---
+
+These pages describe web platform features that provide defenses against one or more security attacks.
+
+As a rule, there's a many-to-many relationship between attacks and defenses. In each of our [attacks guides](/en-US/docs/Web/Security/Attacks) we describe the specific defenses against that attack. In the defenses pages listed below, we provide a broader overview of these defenses and how they work.
+
+- [Certificate transparency](/en-US/docs/Web/Security/Defenses/Mixed_content)
+  - : Provides a publicly visible log of issued {{glossary("TLS")}} certificates, making it easier to detect those which were malicious or incorrectly issued.
+- [Mixed content blocking](/en-US/docs/Web/Security/Defenses/Mixed_content)
+  - : Prevents a document that was delivered over HTTPS from loading subresources (such as scripts, images, or fonts) over HTTP.
+- [Same-origin policy](/en-US/docs/Web/Security/Defenses/Same-origin_policy)
+  - : Restricts the ways in which content loaded from one {{glossary("origin")}} can access content loaded from a different origin. It controls the extent to which websites can access each other's state.
+- [Secure contexts](/en-US/docs/Web/Security/Defenses/Secure_Contexts)
+  - : A secure context is a `Window` or `Worker` for which certain standards of authentication and confidentiality are met. This usually means that it was delivered over {{glossary("HTTPS")}}. Code running in a secure context is able to use powerful web APIs that are not made available in insecure contexts.
+- [Subresource integrity](/en-US/docs/Web/Security/Defenses/Subresource_Integrity)
+  - : Enables a website to verify that scripts and stylesheets loaded from an external source (such as a {{glossary("CDN")}}) have the expected content, and have not been modified.
+- [Transport Layer Security (TLS)](/en-US/docs/Web/Security/Defenses/Transport_Layer_Security)
+  - : Enables a client to communicate securely with a server across an untrusted network. Most notably, on the web, it's used to secure HTTP connections: the resulting protocol is called {{glossary("HTTPS")}}. HTTPS is the only real defense against [Manipulator in the Middle (MITM)](/en-US/docs/Web/Security/Attacks/MITM) attacks.
+- [User activation](/en-US/docs/Web/Security/Defenses/User_activation)
+  - : To protect the user from potentially malicious websites, certain powerful APIs can only be used when the user meaning the user is currently interacting with the web page, or has interacted with the page at least once since it loaded.

files/en-us/web/security/mixed_content/index.md → files/en-us/web/security/defenses/mixed_content/index.md

@@ -1,6 +1,6 @@
 ---
 title: Mixed content
-slug: Web/Security/Mixed_content
+slug: Web/Security/Defenses/Mixed_content
 page-type: guide
 browser-compat: http.mixed-content
 sidebar: security

files/en-us/web/security/same-origin_policy/index.md → files/en-us/web/security/defenses/same-origin_policy/index.md

@@ -1,6 +1,6 @@
 ---
 title: Same-origin policy
-slug: Web/Security/Same-origin_policy
+slug: Web/Security/Defenses/Same-origin_policy
 page-type: guide
 sidebar: security
 ---

files/en-us/web/security/secure_contexts/features_restricted_to_secure_contexts/index.md → files/en-us/web/security/defenses/secure_contexts/features_restricted_to_secure_contexts/index.md

@@ -1,7 +1,7 @@
 ---
 title: Features restricted to secure contexts
 short-title: Restricted features
-slug: Web/Security/Secure_Contexts/features_restricted_to_secure_contexts
+slug: Web/Security/Defenses/Secure_Contexts/features_restricted_to_secure_contexts
 page-type: guide
 sidebar: security
 ---

files/en-us/web/security/secure_contexts/index.md → files/en-us/web/security/defenses/secure_contexts/index.md

@@ -1,6 +1,6 @@
 ---
 title: Secure contexts
-slug: Web/Security/Secure_Contexts
+slug: Web/Security/Defenses/Secure_Contexts
 page-type: guide
 spec-urls: https://w3c.github.io/webappsec-secure-contexts/
 sidebar: security