Security

ScanGov security standards and guidance.

Standards

Our Security standards.

Content security policy (CSP)

HTTP Strict Transport Security (HSTS)

security.txt

X-Content-Type-Options

Errors in the console

Clickjacking mitigation

Paste preventing inputs

Guidance

Guidance we use to build our Security standards.

CISA Website Security

21st Century Integrated Digital Experience Act

CISA Cybersecurity Performance Goals

Memorandum (M-23-22)

RFC 9116

OWASP Top 10

Indicators

Holistically addressing government digital experience.

AI-friendly

Accessibility

Content

Domain

Performance

SEO

Security

Social
Get started