This is a free-to-use JavaScript drop-in to secure your website. It helps protect your web pages from hackers and hides itself to prevent reverse engineering attempts.
- Download cysecurity.js
- Add to web project (e.g., `/js/security/cysecurity.js`)
- Include in your HTML before any other scripts:

```html
<head>
  <!-- Existing meta tags -->
  <!-- Existing Content Security Policy Meta Tag -->
  <script id="cysecurity" src="/js/security/cysecurity.js"></script>
</head>
```

- Insert a CSP Meta Tag with customized list of domains

```html
<head>
  <meta http-equiv="Content-Security-Policy" content="default-src 'self' https://domain-that-gets-to-make-requests.com https://domain-that-gets-to-make-requests-2.com https://domain-that-gets-to-make-requests-3.com;">
  <!-- Existing cysecurity.js tag -->
</head>
```

| Feature | Protection Level | Impact |
|---|---|---|
| Input Sanitization | Critical | Neutralizes < > " ' & characters |
| CSP Recheck | Critical | Auto-blocks non-CSP domains |
| Certificate Validation | High | Verifies domain-certificate match |
- HTTPS Enforcement: All pages must be served over HTTPS
- CSP Compatibility: Existing CSP headers will be extended
- Modern Browsers: Supports Chrome/Firefox/Edge (IE unsupported)
- Input Sanitization:
  - Runs on every keystroke in text fields
  - Blocks dangerous characters with option to unblock
  - Example to allowlist: `<textarea data-sanitization="disabled"></textarea>`
- CSP Management:
  - Blocks non-CSP fetches at runtime
- Certificate Checks:
  - Validates SSL certificates match requested domains
  - Terminates mismatched connections
- Minimal runtime overhead (< 2ms initialization)
- Zero ongoing CPU usage during idle
- Network latency only during certificate validation
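
The runtime check described under CSP Management can be reasoned about with the sketch below. It is an added example, not code from cysecurity.js: it parses the README's meta-tag policy and decides whether a `fetch()` target falls inside it. The function names and the `PAGE` URL are hypothetical, and source matching is simplified to exact origins (no wildcard hosts or paths).

```javascript
// Added example, not cysecurity.js source. All names here are hypothetical.
// POLICY is the meta-tag value from this README; PAGE is a constructed page URL.
const POLICY = "default-src 'self' https://domain-that-gets-to-make-requests.com " +
  "https://domain-that-gets-to-make-requests-2.com https://domain-that-gets-to-make-requests-3.com;";
const PAGE = "https://example.com/index.html";

// Parse a CSP string into a Map: directive name -> list of source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Would a fetch() from pageUrl to target pass the policy?
// connect-src governs fetch/XHR and falls back to default-src when absent.
function isFetchAllowed(policy, pageUrl, target) {
  const directives = parseCsp(policy);
  const sources = directives.get("connect-src") ?? directives.get("default-src");
  if (sources === undefined) return true; // no applicable directive, nothing to enforce
  const page = new URL(pageUrl);
  let url;
  try {
    url = new URL(target, page); // relative targets resolve against the page
  } catch {
    return false; // unparsable target: fail closed
  }
  return sources.some((src) => {
    if (src === "'none'") return false;
    if (src === "'self'") return url.origin === page.origin;
    if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return url.protocol === src.toLowerCase();
    try {
      // Simplification: compare origins only; wildcard hosts and paths are not handled.
      return new URL(src).origin === url.origin;
    } catch {
      return false; // unsupported source expression: fail closed
    }
  });
}

console.log(isFetchAllowed(POLICY, PAGE, "/api/data"));
console.log(isFetchAllowed(POLICY, PAGE, "https://not-listed.example/collect"));
```

Because the policy lists `https://` origins, a plain `http://` request to the same host is rejected as well, which is the behaviour to expect on a page that requires HTTPS.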
Critical Note: This script supplements but doesn't replace server-side security. Always implement backend validation and proper HTTP headers.
Send me a pull request!
Visit https://cydogbrowser.com