The Web faces a host of well-known but persistent threats: XSS, CSRF, MITM, Phishing, Clickjacking, etc. Developers are aware of the threats and mitigation strategies but the rates that the bugs are introduced and discovered in websites remains stable. Mozilla believes declarative security mechanisms hold promise for reliable attack mitigation.