Enterprise Security

Security & Privacy

Your data security and privacy are our top priority. Learn about our comprehensive security measures, compliance standards, and privacy practices.

  • 95%+ Test Coverage
  • JWE/AES Encryption
  • MIT Open Source
  • CSRF/JWT Security

Enterprise-Grade Security

Multi-layered security architecture protecting your data at every level

CSRF Protection

Built-in Cross-Site Request Forgery protection with secure token generation and validation.

  • CSRF token generation
  • Token validation on all forms
  • Automatic token injection
  • Session-based validation

JWT Authentication & Scoping

JSON Web Token authentication with configurable scopes and expiration for secure API access.

  • JWT-based authentication
  • Configurable scopes and expiration
  • Secure token validation
  • Element-specific JWT scoping

JWE Payload Encryption

JSON Web Encryption for sensitive data protection with enterprise-grade encryption algorithms.

  • JWE encryption for premium users
  • Basic AES encryption (free tier)
  • Sensitive data protection
  • Secure payload transmission

Element-Level Security

Granular security controls at the individual element level with role-based access.

  • Element-specific security policies
  • Role-based access control
  • Secure DOM selector mapping
  • Input validation and sanitization

Security Auditing

Comprehensive security auditing with vulnerability scanning and compliance reporting.

  • Automated vulnerability scanning
  • Security audit logging
  • Compliance reporting
  • Regular security assessments

Multi-Model Security

Secure AI model interactions with encrypted API communications and token optimization.

  • Encrypted AI API communications
  • Secure token handling
  • Model-specific security policies
  • API key protection

Security Standards & Practices

Built with security-first principles and production-ready practices

Security Auditing

Automated vulnerability scanning and security assessment reporting

Data Protection

Privacy-focused design with minimal data collection and user consent

Open Source Security

MIT licensed core with transparent, auditable security implementations

Production Ready

Comprehensive testing with 95%+ coverage and security best practices

Security Best Practices

For Developers

  • Enable CSRF protection in webMCP forms and components
  • Configure JWT scoping for element-level access control
  • Use JWE encryption for sensitive data in premium features
  • Implement proper DOM selector to semantic role mapping
  • Enable security auditing and vulnerability scanning
  • Store API keys securely using environment variables
  • Use the latest version of webMCP for security updates

For Organizations

  • Deploy webMCP enterprise with role-based access control
  • Enable comprehensive audit logging for compliance
  • Use PostgreSQL backend for user management
  • Implement JWE encryption for all sensitive data
  • Monitor AI model interactions and token usage
  • Establish security policies for form processing
  • Regular webMCP security updates and patches

Security Questions?

Have security questions or want to report a vulnerability? Our security team is here to help.

Report Security Vulnerabilities

If you discover a security vulnerability, please report it responsibly to our security team.

security@wmcp.dev