Skip to main content

Future Radar: Browser Security and Privacy

Passkeys and WebAuthn

LensGuidance
What it isPasswordless authentication based on WebAuthn credentials and platform/security-key authenticators.
Why architects should careIt changes login UX, account recovery, device trust, and support flows.
Maturity levelAdopt where identity provider and product support flows are ready.
Adoption signalPassword risk, phishing risk, or enterprise identity requirements are high.
RisksRecovery UX, shared devices, cross-platform confusion, support burden.
When to useAccount security, high-value users, enterprise SSO-adjacent flows.
When to avoidProducts without reliable recovery and support processes.
What to learn nowWebAuthn ceremonies, conditional UI, recovery, device enrollment, accessibility.
Connected chaptersPart VIII auth/session browser architecture.

Browser privacy changes

LensGuidance
What it isOngoing browser restrictions around cookies, tracking, storage, fingerprinting, attribution, and cross-site data.
Why architects should careAnalytics, personalization, attribution, embedded apps, and SSO can break when privacy assumptions change.
Maturity levelActive watch item. Treat privacy assumptions as architecture dependencies.
Adoption signalProduct depends on cross-site cookies, third-party scripts, or attribution pipelines.
RisksBroken login, lost attribution, inconsistent experiments, compliance exposure.
When to useUse privacy-preserving first-party designs by default.
When to avoidAvoid new dependence on fragile third-party tracking assumptions.
What to learn nowFirst-party data strategy, consent, Storage Access API, server-side tagging, privacy-safe analytics.
Connected chaptersPart VIII compliance/privacy, Part V edge delivery, Part XI lead funnel case study.

Trusted Types and CSP hardening

LensGuidance
What it isBrowser policies that reduce DOM XSS risk by constraining dangerous sinks and script execution.
Why architects should careThey turn security from developer discipline into enforceable runtime policy.
Maturity levelAdopt progressively for high-risk apps.
Adoption signalUser-generated content, rich text, third-party scripts, or legacy DOM manipulation.
RisksLegacy breakage, report noise, unsafe bypass policies, poor ownership.
When to useAccount portals, admin tools, content platforms, embedded apps.
When to avoidAvoid enforcement without report-only learning and remediation path.
What to learn nowCSP nonces/hashes, report-only rollout, Trusted Types policies, violation triage.
Connected chaptersPart VIII CSP and Trusted Types, browser attack surface.

Dependency and extension supply-chain risk

LensGuidance
What it isRisk from packages, scripts, browser extensions, AI tool servers, and transitive dependencies.
Why architects should careFrontend systems execute large amounts of third-party code in privileged user contexts.
Maturity levelRequired operating concern.
Adoption signalMany packages, third-party tags, MCP servers, or browser-integrated tooling.
RisksData exfiltration, build compromise, malicious update, unsafe tool execution.
When to useMaintain dependency governance continuously.
When to avoidNever ignore; tune depth to risk.
What to learn nowLockfile policy, script registry, SRI, dependency review, package provenance, tool isolation.
Connected chaptersPart 0 security, Part VIII browser attack surface, Part XIII MCP boundaries.

Source lens

  • MDN Web Authentication API
  • MDN CSP guidance
  • OWASP browser/client security guidance
  • Part VIII security chapters in this guide