best-practices

Featured

Apply modern web development best practices for security, compatibility, and code quality. Use when asked to "apply best practices", "security audit", "modernize code", "code quality review", or "check for vulnerabilities".

Testing & QA 1,706 stars 144 forks Updated 1 months ago MIT

Install

View on GitHub

Quality Score: 94/100

Stars 20%
100
Recency 20%
75
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Best practices Modern web development standards based on Lighthouse best practices audits. Covers security, browser compatibility, and code quality patterns. ## Security ### HTTPS everywhere **Enforce HTTPS:** ```html <!-- ❌ Mixed content --> <img src="http://example.com/image.jpg"> <script src="http://cdn.example.com/script.js"></script> <!-- ✅ HTTPS only --> <img src="https://example.com/image.jpg"> <script src="https://cdn.example.com/script.js"></script> <!-- ✅ Protocol-relative (will use page's protocol) --> <img src="//example.com/image.jpg"> ``` **HSTS Header:** ``` Strict-Transport-Security: max-age=31536000; includeSubDomains; preload ``` ### Content Security Policy (CSP) ```html <!-- Basic CSP via meta tag --> <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://trusted-cdn.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; connect-src 'self' https://api.example.com;"> <!-- Better: HTTP header --> ``` **CSP Header (recommended):** ``` Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-abc123' https://trusted.com; style-src 'self' 'nonce-abc123'; img-src 'self' data: https:; connect-src 'self' https://api.example.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; ``` **Using nonces for inline scripts:** ```html <script nonce="abc123"> // This inline script is allowed </scr...

Details

Author
addyosmani
Repository
addyosmani/web-quality-skills
Created
2 months ago
Last Updated
1 months ago
Language
Shell
License
MIT

Similar Skills

Semantically similar based on skill content — not just same category

Testing & QA Solid

general-best-practices

General software development best practices covering code quality, testing, security, performance, and maintainability across technology stacks

59 Updated 2 months ago
Mindrally
Code & Development Featured

code-review

Perform thorough code reviews with security, performance, and maintainability analysis. Use when user asks to review code, check for bugs, or audit a codebase.

50,963 Updated 1 weeks ago
shareAI-lab
Code & Development Listed

coding-standards

Universal coding standards, best practices, and patterns for TypeScript, JavaScript, React, and Node.js development.

10 Updated 1 weeks ago
GiorgioBertolotti
Web & Frontend Featured

accessibility

Audit and improve web accessibility following WCAG 2.2 guidelines. Use when asked to "improve accessibility", "a11y audit", "WCAG compliance", "screen reader support", "keyboard navigation", or "make accessible".

1,706 Updated 1 months ago
addyosmani
Testing & QA Solid

qa

Use when completing any task (final validation step), running audits, preparing for deployment, or when ESLint/TypeScript/build errors occur.

40 Updated 6 days ago
holger1411