WebSocket is a communication protocol between a browser and web server designed to speed real-time, two-way data transfer. As with many newer technologies, security best practices around WebSockets are not well evolved and can lead to a complete security breach, such as in the case of a cross-scripting attack. To protect against these attacks developers are often advised to avoid tunneling in favor of other secured protocols on top of WebSockets.