best-practices

Solid

Apply modern web development best practices for security, compatibility, and code quality. Use when asked to "apply best practices", "security audit", "modernize code", "code quality review", or "check for vulnerabilities".

Testing & QA 2,266 stars 208 forks Updated 1 months ago MIT

Install

View on GitHub

Quality Score: 91/100

Stars 20%

100

Recency 20%

Frontmatter 20%

Documentation 15%

100

Issue Health 10%

License 10%

100

Description 5%

100

Skill Content

# Best practices Modern web development standards based on Lighthouse best practices audits. Covers security, browser compatibility, and code quality patterns. ## Security ### HTTPS everywhere **Enforce HTTPS:** ```html  <img src="http://example.com/image.jpg"> <script src="http://cdn.example.com/script.js"></script>  <img src="https://example.com/image.jpg"> <script src="https://cdn.example.com/script.js"></script>  <img src="//example.com/image.jpg"> ``` **HSTS Header:** ``` Strict-Transport-Security: max-age=31536000; includeSubDomains; preload ``` ### Content Security Policy (CSP) ```html  <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://trusted-cdn.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; connect-src 'self' https://api.example.com;">  ``` **CSP Header (recommended):** ``` Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-abc123' https://trusted.com; style-src 'self' 'nonce-abc123'; img-src 'self' data: https:; connect-src 'self' https://api.example.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; ``` **Using nonces for inline scripts:** ```html <script nonce="abc123"> // This inline script is allowed </scr...

Details

Author: addyosmani
Repository: addyosmani/web-quality-skills
Created: 4 months ago
Last Updated: 1 months ago
Language: Shell
License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

Web & Frontend Listed