comptia-itfunfc0u61-2-4-1-web-browser-settings
Script Blockers
A script blocker is a software tool or browser extension that is designed to block or disable scripts on a website. Scripts are small pieces of code that are embedded in a web page and can be used to perform a variety of functions, such as loading content, running animations, or executing interactive elements.
Proxy Server
A server that acts as an intermediary between a user and the Internet.
Caching/clearing cache
A temporary storage area in memory or on disk that holds the most recently downloaded Web pages.
Form Data
Information that you have typed into forms, such as your sign-in name, e-mail address, and street address.
SSL/TLS
SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security), are cryptographic protocols that are used to secure data transmitted over the internet. SSL/TLS is used to encrypt the communication between a web server and a web browser, such as when a user enters sensitive information such as login credentials, credit card details, or personal data on a website. SSL/TLS helps to prevent interception, eavesdropping, and tampering by third parties, as it ensures that the data is transmitted securely and cannot be accessed by unauthorized parties.
Why would you deactivate client-side scripting
Security concerns: One reason to deactivate client-side scripting is to enhance security. Malicious scripts can be used to exploit vulnerabilities in a user's browser or computer, and can be used to steal sensitive information, install malware, or take control of the user's system. Disabling client-side scripting can reduce the risk of such attacks, although it should be noted that there are many other potential security risks that may still exist. Performance: Client-side scripting can sometimes slow down the performance of a web page, especially if the script is large or complex. Disabling client-side scripting can sometimes speed up the loading and rendering of web pages. Accessibility: Some users with disabilities may rely on assistive technology that may not be fully compatible with client-side scripting. In some cases, disabling client-side scripting can make a website or web application more accessible to these users.
Types of web certificates
There are several types of web certificates, including domain-validated certificates, organization-validated certificates, and extended validation certificates. The level of validation and verification required for each type of certificate varies, and they are issued by trusted certificate authorities (CAs) such as DigiCert, GlobalSign, and Comodo.
Customization tools
These add-ons allow users to customize the appearance and functionality of their browser, such as by adding new themes, toolbars, or shortcuts.
Ad blockers
These add-ons block ads from appearing on web pages, which can improve page load times and reduce distractions for the user. Password managers: These add-ons store login credentials for websites and automatically fill them in when the user visits a site, which can save time and improve security.
Download managers
These add-ons provide enhanced download capabilities, such as the ability to resume interrupted downloads or to download multiple files simultaneously.
Third-party cookies
These cookies are created by a domain other than the one that the user is visiting, such as an advertising network or a social media platform.
First-party cookies
These cookies are created by the website that the user is visiting.
Persistent cookies
These cookies remain on a user's device even after the browser is closed and can be used to remember a user's preferences or login information.
Cross-Site Scripting (XSS)
This is a type of attack where an attacker injects malicious code into a web page, which is then executed by a user's browser.
Web certificates
also known as digital certificates or SSL/TLS certificates, are electronic documents that are used to verify the identity of a website and encrypt the communication between the website and its users.
Code injection
an attacker injects code into a web application's input fields, which is then executed by the server or by other users who view the data. Code injection attacks can be used to bypass security controls, escalate privileges, or perform other malicious actions.
Cached Credentials
type of authentication data that is temporarily stored on a user's computer or device after they have logged in to a network or application
Session cookies
cookies stored in memory and deleted when the browser is closed
Scripting attacks
malicious attempts to exploit vulnerabilities in scripts used in web applications or on web pages. These attacks typically target client-side scripts, such as JavaScript, which are executed in the user's browser, but can also target server-side scripts and other scripting languages.
Scripting
the process of creating or using scripts, which are sets of instructions or commands that are written in a scripting language and used to automate or perform various tasks on a computer or web application.
Client-side scripting
the process of using scripts that are executed on the client's web browser to create dynamic and interactive web pages. Client-side scripting is typically used to enhance the functionality of a website by providing a more engaging user experience
Privacy and security tools
these add-ons provide additional protection against tracking, malware, and other security threats, such as VPNs, anti-virus software, and firewalls.
Validation and Extended Validation
Validation and Extended Validation (EV) are two different types of SSL/TLS certificates.
Popup blockers
A pop-up blocker is a software tool or feature that is designed to prevent unwanted or unnecessary pop-up windows from appearing on a user's computer or mobile device. Pop-up blockers work by analyzing the content of a web page and detecting any code or scripts that attempt to open a new browser window or dialog box.
Add-ons or extensions for web browsers
Add-ons or extensions are software components that can be added to a web browser to add new features, customize the user interface, or enhance the browsing experience in some way
CSS
CSS stands for Cascading Style Sheets. It is a style sheet language used for describing the presentation and layout of HTML or XML documents, including colors, fonts, spacing, and other visual elements.
HTML
HTML stands for Hypertext Markup Language. It is the standard markup language used to create web pages and web applications. HTML uses a series of markup tags and attributes to define the structure and content of a web page, including headings, paragraphs, images, hyperlinks, tables, forms, and other elements.
Check Website Validity
HTTPS in the URL: Look for "https" instead of "http" at the beginning of the URL in the address bar of your web browser. The "s" stands for secure and indicates that the website is using an SSL/TLS certificate to encrypt the data transmitted between your browser and the server. Padlock icon: Check for a padlock icon in the address bar or at the bottom of your browser window. The padlock indicates that the website is secure and has a valid SSL/TLS certificate. Website identity: Look for information about the website's identity and ownership, such as the company name, physical address, and contact information. This information should be clearly visible on the website and match the details provided in the SSL/TLS certificate. Warning messages: Be wary of warning messages or pop-ups that may indicate that the website is unsafe or that the SSL/TLS certificate is invalid or expired. Secure payment methods: If you are making a payment or entering sensitive information on the website, check that the payment method is secure and reputable, such as PayPal or a major credit card company.
scripting languages
JavaScript, Python, Perl, Ruby, and Bash
Popup
Pop-ups are windows or dialog boxes that appear on top of a website or other software application. They are typically used to display additional information, advertisements, or other types of content.
cookies
Small text files that are sent to your computer from certain websites. They track your behaviour and transactions.
Clickjacking
This type of attack involves overlaying a transparent layer on top of a legitimate web page, which tricks the user into clicking on hidden or disguised buttons or links. Clickjacking can be used to perform actions on the user's behalf, such as clicking ads or sharing content on social media.
Denial of Service (DoS)
This type of attack involves overwhelming a web server or web application with a flood of requests, which can cause it to crash or become unresponsive. Scripts can be used to automate this type of attack and make it more effective.
difference between validation and EV certificates
is the level of trust and assurance they provide to website visitors. EV certificates provide a higher level of assurance and are recommended for websites that handle sensitive information, such as e-commerce sites, online banking, and other financial services. The green address bar and company name displayed in the browser provide additional visual cues to users that the website is legitimate and trustworthy.