Cyber Glossary
Clear definitions and practical examples for people who want to understand the topic without drowning in jargon.
CSP
Content Security Policy
A browser policy that limits where scripts, styles, images and frames can load from.
HSTS
HTTP Strict Transport Security
A header that tells browsers to use HTTPS for future visits.
SPF
Sender Policy Framework
A DNS TXT record listing servers allowed to send email for a domain.
DKIM
DomainKeys Identified Mail
A signature system that helps prove an email was authorized by the sending domain.
DMARC
Domain-based Message Authentication
A policy layer that tells receivers what to do when SPF or DKIM checks fail.
TLS
Transport Layer Security
The protocol behind HTTPS, used to encrypt traffic and authenticate servers.
JWT
JSON Web Token
A compact token format commonly used for authentication and authorization claims.
IOC
Indicator of Compromise
A technical clue such as an IP, domain, URL, hash or email linked to suspicious activity.
CVE
Common Vulnerabilities and Exposures
A public identifier for a known security vulnerability.
OSINT
Open Source Intelligence
Information gathered from public sources without intrusive access.
SSRF
Server-Side Request Forgery
A bug where a server can be tricked into requesting internal or unintended resources.
WAF
Web Application Firewall
A filtering layer that can detect and block common malicious web traffic patterns.