N. Abdelhamid, Multi-Label Rules for Phishing Classification, Applied Computing and Informatics, vol.11, issue.1, pp.29-46, 2015.

A. Barth, Internet Engineering Task Force (IETF), The Web Origin Concept, 2011.

T. Berners-lee, R. T. Fielding, U. Irvine, and L. Masinter, Uniform Resource Identifiers (URI): Generic Syntax (RFC 2396) (1998), Internet Engineering Task Force (IETF), 2017.

N. Bielova, Survey on JavaScript Security Policies and Their Enforcement Mechanisms in a Web Browser, The Journal of Logic and Algebraic Programming, vol.82, issue.8, pp.243-262, 2013.
URL : https://hal.archives-ouvertes.fr/hal-00932730

M. Bugliesi, S. Calzavara, and R. Focardi, Formal Methods for Web Security, Journal of Logical and Algebraic Methods in Programming, vol.87, pp.110-126, 2017.

L. Catuogno and C. Galdi, Ensuring Application Integrity: A Survey on Techniques and Tools, Proceedings of the 9th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS 2015), pp.192-199, 2015.

W. T. Cheung, S. Ryu, and S. Kim, Development Nature Matters: An Empirical Study of Code Clones in JavaScript Applications, Empirical Software Engineering, vol.21, issue.2, pp.517-564, 2016.

C. Systems and . Inc, Umbrella Popularity List, 2018.

M. Conti, N. Dragoni, and V. Lesyk, A Survey of Man in the Middle Attacks, IEEE Communications Surveys & Tutorials, vol.18, issue.3, pp.2027-2051, 2016.

J. Cucurull, S. Guasch, and D. Galindo, A Javascript Voting Client for Remote Online Voting, Proceedings of the 13th International Conference on E-Business and Telecommunications (ICETE 2016), vol.764, pp.266-290, 2016.

P. De-ryck, M. Decat, L. Desmet, F. Piessens, and W. Joosen, Security of Web Mashups: A Survey, Proceedings of the Nordic Conference on Secure IT Systems, vol.7127, pp.223-238, 2010.

X. Dong, H. Hu, P. Saxena, and Z. Liang, A Quantitative Evaluation of Privilege Separation in Web Browser Designs, Proceedings of the European Symposium on Research in Computer Security (ESORICS 2013), vol.8134, pp.75-93, 2013.

S. Eskandari, A. Leoutsarakos, T. Mursch, and J. Clark, A First Look at BrowserBased Cryptojacking, Proceedings of the 2nd Workshop on Security & Privacy on the Blockchain, pp.1-9, 2018.

. Mozilla-foundation, Same-Origin Policy, 2018.

. Mozilla-foundation, , 2018.

M. Geihs, D. Demirel, and J. Buchmann, A Security Analysis of Techniques for Long-Term Integrity Protection, Proceedings of the 14th Annual Conference on Privacy, Security and Trust, pp.449-456, 2016.

K. Jayaraman, G. Lewandowski, P. G. Talaga, and S. J. Chapin, Enforcing Request Integrity in Web Applications, Proceedings of the IFIP Annual Conference on Data and Applications Security and Privacy, vol.6166, pp.225-240, 2010.
URL : https://hal.archives-ouvertes.fr/hal-01056686

Y. Jia, Y. Chen, X. Dong, P. Saxena, J. Mao et al., Man-in-the-BrowserCache: Persisting HTTPS Attacks via Browser Cache Poisoning, Computers & Security, vol.55, pp.62-80, 2015.

M. Korobov, , 2018.

T. Krueger and K. Rieck, Intelligent Defense against Malicious JavaScript Code, Praxis der Informationsverarbeitung und Kommunikation, vol.35, issue.1, pp.54-60, 2012.

D. Kumar, Z. Ma, Z. Durumeric, A. Mirian, J. Mason et al., Security Challenges in an Increasingly Tangled Web, Proceedings of the 26th International Conference on World Wide Web, pp.677-684, 2017.

T. Lauinger, A. Chaabane, S. Arshad, W. Robertson, C. Wilson et al., Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web, Proceedings of the the Network and Distributed System Security Symposium, 2017.

J. Ma, L. K. Saul, S. Savage, and G. M. Voelker, Beyond Blacklists: Learning to Detect Malicious Web Sites from Suspicious URLs, Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp.1245-1254, 2009.

J. Magazinius, D. Hedin, and A. Sabelfeld, Architectures for Inlining Security Monitors in Web Applications, Proceedings of the 6th International Symposium on Engineering Secure Software and Systems, vol.8364, pp.141-160, 2014.

W. Mayer and M. Schmiedecker, Turning Active TLS Scanning to Eleven, Proceedings of the 32nd IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017, pp.3-16, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01649020

N. Nikiforakis, L. Invernizzi, A. Kapravelos, S. Van-acker, W. Joosen et al., You Are What You Include: Large-Scale Evaluation of Remote JavaScript Inclusions, Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp.736-747, 2012.

F. Pedregosa, G. Varoquaux, A. Gramfort, V. Michel, B. Thirion et al., Scikit-learn: Machine Learning in Python, Journal of Machine Learning Research, vol.12, pp.2825-2830, 2011.
URL : https://hal.archives-ouvertes.fr/hal-00650905

R. Petnel, EasyList, 2018.

V. Prokhorenko, K. R. Choo, and H. Ashman, Web Application Protection Techniques: A Taxonomy, Journal of Network and Computer Applications, vol.60, pp.95-112, 2016.

J. Ruohonen and V. Leppänen, Whose Hands Are in the Finnish Cookie Jar? In: Proceedings of the European Intelligence and Security Informatics Conference, pp.127-130, 2017.

J. Ruohonen, J. Salovaara, and V. Leppänen, Crossing Cross-Domain Paths in the Current Web, Proceedings of the 16th Annual Conference on Privacy, Security and Trust, 2018.

D. F. Somé, N. Bielova, and T. Rezk, Control What You Include! Server-Side Protection Against Third Party Web Tracking, Proceedings of the International Symposium on Engineering Secure Software and Systems, vol.10379, pp.115-132, 2017.

S. Varghese, UK Researcher Says One Line of Code Caused Ticketmaster Breach (2018), iTWire, 2018.

M. Vasek and T. Moore, Empirical Analysis of Factors Affecting Malware URL Detection, Proceedings of the eCrime Researchers Summit, pp.1-8, 2013.

, World Wide Web Consortium (W3C), W3C: Cross-Origin Resource Sharing, W3C Recommendation, 2014.

, World Wide Web Consortium (W3C), W3C: Subresource Integrity, W3C Recommendation, 2016.

M. Zalewski, Google, Inc. Available online in, vol.2, 2009.