A diverse environment like your WordPress site is inherently difficult to control. If you are a developer, you can make sure your own code meets quality standards and honors best practices, but it is usually not possible to do the same for plugins created by others. It becomes even more of a problem if you are required to rely on third-party code entirely, for example when you maintain a WordPress site, but don’t write extensions for it yourself.
Recently, new browser technologies have been introduced to help tackle such issues. Content Security Policies and Feature Policies allow you to define contracts between your site and the browser, with the browser enforcing that your site sticks to the best practices you define. You don’t want your site to ever serve images that are too large? You don’t want your site to ever give the user that pop-up for browser notifications? These new policies put you in control of how your site interacts with the user, relying on the browser as a middleman. If any of the policies you have defined is violated, the browser can inform you via the new Reporting API standard, allowing you to spot the problem and act upon it. This session will provide an introduction to these new technologies, and then dive into how you can use them in WordPress.
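As a sketch of what such a contract can look like in WordPress (an added example, not material from the session itself), the small plugin below attaches a report-only Content Security Policy, a Feature Policy and a Reporting API endpoint to front-end responses through the core `wp_headers` filter. The plugin name, the reporting URL and the chosen directives are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Example Policy Headers
 * Description: Illustrative only. Sends CSP, Feature Policy and Reporting API headers.
 */

defined( 'ABSPATH' ) || exit;

// Hypothetical collector URL (assumption): point this at an endpoint you operate.
const EXAMPLE_POLICY_REPORT_URL = 'https://reports.example.com/policy';

// 'wp_headers' filters the headers WordPress sends for front-end requests;
// it does not run for wp-admin pages.
add_filter( 'wp_headers', function ( array $headers ): array {
	// Reporting API: declare the "default" endpoint group. Feature Policy
	// violation reports are delivered to this group, and the CSP below
	// refers to it by name.
	$headers['Report-To'] = wp_json_encode( [
		'group'     => 'default',
		'max_age'   => 86400, // seconds the browser remembers this endpoint
		'endpoints' => [ [ 'url' => EXAMPLE_POLICY_REPORT_URL ] ],
	] );

	// Report-only mode: violations are reported but nothing is blocked, so
	// third-party plugins keep working while you learn what they load.
	// 'report-uri' is kept for browsers without 'report-to' support.
	$headers['Content-Security-Policy-Report-Only'] = implode( '; ', [
		"default-src 'self'",
		"img-src 'self' data:",
		'report-uri ' . EXAMPLE_POLICY_REPORT_URL,
		'report-to default',
	] );

	// Feature Policy: no script on the page, first- or third-party, may use
	// these browser features or trigger their permission prompts.
	$headers['Feature-Policy'] = implode( '; ', [
		"geolocation 'none'",
		"camera 'none'",
		"microphone 'none'",
	] );

	return $headers;
} );
```

Once the reports show only violations you intend to stop, the same policy string can be sent under the enforcing `Content-Security-Policy` header instead.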