This is the World Wide Web Security Frequently Asked Question list (FAQ). It attempts to answer some of the most frequently asked questions relating to the security implications of running a Web server and using Web browsers.

Copies of this document can be obtained at:

• http://www.w3.org/Security/Faq/ (html)
• http://www.w3.org/Security/Faq/www-security-faq.tar.gz (tar gzipped archive)
• http://www.w3.org/Security/Faq/www-security-faq.zip (PKZIP archive)

Sorry, no text-only or postscript version is available.

This FAQ is now available in expanded book form under the title Web Security: A Step-by-Step Reference Guide, published by Addison-Wesley Longman.

This document is © copyright 1995-2000 Lincoln D. Stein. You are free to use and redistribute it according to the terms set out in the W3C Intellectual Property Notice.

Many thanks to the following people for their helpful comments and contributions to this document:

• Bob Bagwill mailto:bagwill@ncsl.nist.gov
• Jim Carroll mailto:jcarroll@wellspring.us.dg.com
• Tom Christiansen mailto:tchrist@mox.perl.com
• Mike Daren mailto:mdaren@virtc.com
• John Franks <mailto:john@math.nwu.edu
• Paul Hoffman mailto:www-servers@proper.com
• Laura Pearlman mailto:laura@usc.edu
• Louis Perrochon mailto:perrocho@inf.ethz.ch
• David Weisman mailto:weisman@osf.org
• William C. DenBesten mailto:DenBesten@cs.bgsu.edu
• Ian Redfernmailto:redferni@logica.com
• Bob Denny mailto:rdenny@dc3.com
• Eric Hammond mailto:eric.hammond@sdrc.com
• Peter Trei mailto:trei@process.com
• Brian Kendig mailto:brian@netscape.com
• Lewis Geer mailto:geer@microsoft.com
• Marc Myers mailto:marcm@cscl.com