Web standards
World Wide Web Consortium
The W3C is the primary international standards body for the World Wide Web. It develops the open specifications underlying HTML, CSS, accessibility (WCAG), and dozens of related web technologies, with member organizations from across industry and academia.
Standards governed by W3C
- Content Security Policy Level 3: The deployable CSP today. script-src, object-src, and base-uri are the three controls that actually stop XSS — the rest is optional.
- Permissions-Policy: Locks down browser features — camera, mic, geolocation, payment, FLoC — so a compromised script can't quietly turn them on. Replaces the older Feature-Policy header.
- Referrer-Policy: Controls what URL data leaks to other sites in the Referer header. Modern browsers default to strict-origin-when-cross-origin — match that as a baseline.
- Subresource Integrity: Cryptographic hash on every CDN-loaded <script> and <link>. If the file changes, the browser refuses to load it. Cheap defence against supply-chain compromise.
- WCAG 2.1 Level A: The minimum-viable baseline of the regulation-cited WCAG version. Same warning as Level A in 2.2 — failing it means basic usability is broken.
- WCAG 2.1 Level AA: The version of WCAG most regulators actually wrote into law. EAA, UK PSBAR, and France's RGAA all cite 2.1 AA — even after 2.2 shipped.
- WCAG 2.2 Level A: The minimum-viable accessibility baseline. If you fail Level A, sighted-mouse users are probably also having a bad time.
- WCAG 2.2 Level AA: The web's de-facto baseline for accessibility. If a courtroom or compliance auditor asks whether your site is accessible, this is what they'll measure against.