-
X-XSS-Protection: 1; mode=block: ブラウザのXSSフィルタを有効にし、XSS攻撃が検出された際にページ全体のレンダリングをブロックする
Referrer-Policy: no-referrer: リファラー情報を一切送信しない設定にする
strict-origin-when-cross-origin(現状):
同じドメイン内ではフルURLが送信されますが…
-
See https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-delivery-referrer-attribute for details
Reference #10311 for servo referrer policy implementation thus far.
-
-
*Version:*
v0.29.0
*Steps to reproduce:*
- Create new request
- Click on Auth tab in request and select "OAuth 2.0"
- Fill in appropriate Client ID, Client Secret, Access Token URL and sel…
-
Abstract
This document describes how an author can set a referrer policy for documents they create, and the impact of such a policy on the Referer HTTP header for outgoing requests…
-
See https://w3c.github.io/webappsec-referrer-policy/
Currently, Puppeteer allows setting those options and it might make sense to include it in WebDriver BiDi https://pptr.dev/api/puppeteer.gotoopt…
OrKoN updated
1 month ago
-
This should be mostly an `nginx` centric change. Few missing headers were detected during the responses returned by the API, namely:
- `strict-transport-security`
- `content-security-policy`
- `permis…
-
See https://w3c.github.io/webappsec-referrer-policy/
Necessary for https://github.com/servo/servo/issues/10309#issuecomment-203929226
-
Could you add support for Referrer-Policy header, as per https://github.com/krakenjs/lusca/commit/d3bb1b?
-
Please add a new Referrer Policy `no-referrer-when-cross-origin` that simply force the browser to behave like if `no-referrer` was specified for cross-origin requests and like if `strict-origin` was s…