tidy up links on the main practical page

mdn · chrisdavidmills · May 28, 2024 · May 28, 2024 · May 28, 2024 · May 28, 2024
commit 69de9a91b2a7d6420e27b545439689d05b353107
diff --git a/files/en-us/web/security/practical_implementation/index.md b/files/en-us/web/security/practical_implementation/index.md
@@ -30,29 +30,14 @@ The guides are listed in the order that we recommend they are implemented. This
 | [robots.txt](/en-US/docs/Web/Security/Practical_implementation/Robots_txt) | Low | Low | No | Tell robots (such as search engine indexers) how to behave, by instructing them not to crawl certain paths on the website. |
 | [Subresource integrity](/en-US/docs/Web/Security/Practical_implementation/SRI) | Low | Low | No | Verify that fetched resources (for example, from a CDN) are delivered without unexpected manipulation. |
 
-- [Properly configuring server MIME types](/en-US/docs/Learn/Server-side/Configuring_server_MIME_types)
- - : There are several ways incorrect MIME types can cause potential security problems with your site. This article explains some of those and shows how to configure your server to serve files with the correct MIME types.
-- [HTTP Strict Transport Security](/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security)
- - : The `Strict-Transport-Security:` [HTTP](/en-US/docs/Web/HTTP) header lets a website specify that it may only be accessed using HTTPS.
-- [HTTP access control](/en-US/docs/Web/HTTP/CORS)
- - : The Cross-Origin Resource Sharing standard provides a way to specify what content may be loaded from other domains. You can use this to prevent your site from being used improperly; in addition, you can use it to establish resources that other sites are expressly permitted to use.
-- [Content Security Policy](/en-US/docs/Web/HTTP/CSP)
- - : An added layer of security that helps to detect and mitigate certain types of attacks, including {{Glossary("Cross-site_scripting", "Cross Site Scripting (XSS)")}} and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. Code is executed by the victims and lets the attackers bypass access controls and impersonate users.
-- [The X-Frame-Options response header](/en-US/docs/Web/HTTP/Headers/X-Frame-Options)
- - : The `X-Frame-Options:` [HTTP](/en-US/docs/Web/HTTP) response header can be used to indicate whether a browser should be allowed to render a page in a {{ HTMLElement("frame") }}. Sites can use this to avoid [clickjacking](/en-US/docs/Glossary/Clickjacking) attacks, by ensuring that their content is not embedded into other sites.
-- Access control by configuring a website
- - : It is the best way to secure your site. You can ignore specific IPs, restrict access to certain areas of website, protect different files, protect against image hotlinking, and a lot more. For example, .htaccess file is used for websites hosted on [Apache HTTP Server](https://httpd.apache.org/).
-
 ## User information security
 
 - [How to turn off form autocompletion](/en-US/docs/Web/Security/Practical_implementation/Turning_off_form_autocompletion)
- - : Form fields support autocompletion in Gecko; that is, their values can be remembered and automatically brought back the next time the user visits your site. For certain types of data, you may wish to disable this feature.
-- [Privacy and the :visited selector](/en-US/docs/Web/CSS/Privacy_and_the_:visited_selector)
- - : This article discusses changes made to the `getComputedStyle()` method that eliminates the ability for malicious sites to figure out the user's browsing history.
-- [Hash passwords using a secure algorithm](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html) (OWASP)
- - : Storing passwords in plain text can lead to attackers knowing and leaking the exact password of your site's users, potentially putting the users at risk. The same issues can arise if you use an old or insecure algorithm for hashing (such as md5). You should use a password-specific hashing algorithm (such as Argon2, PBKDF2, scrypt or bcrypt) instead of message digest algorithms (such as md5 and sha). This article showcases best practices to use when storing passwords.
+ - : Form fields support autocompletion; that is, their values can be remembered and automatically filled out next time a user visits your site. For certain types of data, you may wish to disable this feature; this article explains how.
 
 ## See also
 
-- [Open Web Application Security Project (OWASP)](https://owasp.org/)
-- [Cross-site scripting on OWASP](https://owasp.org/www-community/attacks/xss/)
+- [Open Web Application Security Project (OWASP): Cheatsheet series](https://cheatsheetseries.owasp.org/)
+ - : A collection of practical guides on specific application security topics.
+- [OWASP: Attacks](https://owasp.org/www-community/attacks/)
+ - : A collection of pages describing different types of security exploit, and explaining how they work.
diff --git a/files/en-us/web/security/practical_implementation/mime_types/index.md b/files/en-us/web/security/practical_implementation/mime_types/index.md
@@ -27,4 +27,9 @@ Prevent browsers from incorrectly detecting non-stylesheets as stylesheets, and
 X-Content-Type-Options: nosniff
 ```
 
+## See also
+
+- [Properly configuring server MIME types](/en-US/docs/Learn/Server-side/Configuring_server_MIME_types)
+ - : There are several ways incorrect MIME types can cause potential security problems with your site. This article explains some of those and shows how to configure your server to serve files with the correct MIME types.
+
 {{QuickLinksWithSubpages("/en-US/docs/Web/Security")}}