annevk
commented
4 years ago I guess this is https://github.com/w3c/webappsec-fetch-metadata/issues/56.
Open annevk opened 4 years ago
annevk
commented
4 years ago I guess this is https://github.com/w3c/webappsec-fetch-metadata/issues/56.
I'm wondering if we should also consider adding tools for the opposite side of mixed content, not allowing yourself to be embedded or framed by a non-secure site.
Something like
X-Frame-Options: secure-onlyor perhaps a new CORP value? And perhaps advertising this through Fetch Metadata?