my name is Frederik Braun and I currently work as a Staff Security Engineer at Mozilla in Berlin. This blog's content is heavily influenced by my work in security, but it is a personal blog and opinions do not reflect anyone else's than mine.

If you are using a CDN to serve your website's JavaScript files, you might want to look into Subresource Integrity, which became a W3C Recommendation in 2016.

In the fall of 2013 I have co-authored a whitepaper about the benefits of the X-Frame-Options security header with Mario Heiderich. It mostly shows attacks and techniques against website that can be framed.

I once wrote a thesis about the Same Origin Policy and its state in the API-rich HTML5 browsers in Summer 2012, which concluded my studies of IT-Security at the Ruhr-University in Bochum. This is also where I co-founded the CTF team fluxfingers.

If you still want to know more, I suggest you read some of my blog posts. You may also contact me.