Future Radar: Browser Security and Privacy
Passkeys and WebAuthn
| Lens | Guidance |
|---|---|
| What it is | Passwordless authentication based on WebAuthn credentials and platform/security-key authenticators. |
| Why architects should care | It changes login UX, account recovery, device trust, and support flows. |
| Maturity level | Adopt where identity provider and product support flows are ready. |
| Adoption signal | Password risk, phishing risk, or enterprise identity requirements are high. |
| Risks | Recovery UX, shared devices, cross-platform confusion, support burden. |
| When to use | Account security, high-value users, enterprise SSO-adjacent flows. |
| When to avoid | Products without reliable recovery and support processes. |
| What to learn now | WebAuthn ceremonies, conditional UI, recovery, device enrollment, accessibility. |
| Connected chapters | Part VIII auth/session browser architecture. |
Browser privacy changes
| Lens | Guidance |
|---|---|
| What it is | Ongoing browser restrictions around cookies, tracking, storage, fingerprinting, attribution, and cross-site data. |
| Why architects should care | Analytics, personalization, attribution, embedded apps, and SSO can break when privacy assumptions change. |
| Maturity level | Active watch item. Treat privacy assumptions as architecture dependencies. |
| Adoption signal | Product depends on cross-site cookies, third-party scripts, or attribution pipelines. |
| Risks | Broken login, lost attribution, inconsistent experiments, compliance exposure. |
| When to use | Use privacy-preserving first-party designs by default. |
| When to avoid | Avoid new dependence on fragile third-party tracking assumptions. |
| What to learn now | First-party data strategy, consent, Storage Access API, server-side tagging, privacy-safe analytics. |
| Connected chapters | Part VIII compliance/privacy, Part V edge delivery, Part XI lead funnel case study. |
Trusted Types and CSP hardening
| Lens | Guidance |
|---|---|
| What it is | Browser policies that reduce DOM XSS risk by constraining dangerous sinks and script execution. |
| Why architects should care | They turn security from developer discipline into enforceable runtime policy. |
| Maturity level | Adopt progressively for high-risk apps. |
| Adoption signal | User-generated content, rich text, third-party scripts, or legacy DOM manipulation. |
| Risks | Legacy breakage, report noise, unsafe bypass policies, poor ownership. |
| When to use | Account portals, admin tools, content platforms, embedded apps. |
| When to avoid | Avoid enforcement without report-only learning and remediation path. |
| What to learn now | CSP nonces/hashes, report-only rollout, Trusted Types policies, violation triage. |
| Connected chapters | Part VIII CSP and Trusted Types, browser attack surface. |
Dependency and extension supply-chain risk
| Lens | Guidance |
|---|---|
| What it is | Risk from packages, scripts, browser extensions, AI tool servers, and transitive dependencies. |
| Why architects should care | Frontend systems execute large amounts of third-party code in privileged user contexts. |
| Maturity level | Required operating concern. |
| Adoption signal | Many packages, third-party tags, MCP servers, or browser-integrated tooling. |
| Risks | Data exfiltration, build compromise, malicious update, unsafe tool execution. |
| When to use | Maintain dependency governance continuously. |
| When to avoid | Never ignore; tune depth to risk. |
| What to learn now | Lockfile policy, script registry, SRI, dependency review, package provenance, tool isolation. |
| Connected chapters | Part 0 security, Part VIII browser attack surface, Part XIII MCP boundaries. |
Source lens
- MDN Web Authentication API
- MDN CSP guidance
- OWASP browser/client security guidance
- Part VIII security chapters in this guide