Deprecated CSPs directives

[Hipapheralkus]

Hi, I noticed that some CSP directives reported by this extender are obsolete, and are reported by your tool. Is it possible to update this extender accordingly?

• 'referrer': https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/referrer

  This feature is obsolete. Although it may still work in some browsers, its use is discouraged since it could be removed at any time. Try to avoid using it.

  • 'reflected-xss': https://bugs.chromium.org/p/chromium/issues/detail?id=657737

This was removed from CSP2, never added to CSP3, and will not ship in any other browser. We should remove it, as it is completely redundant with X-XSS-Protection, which is never going away.

Thanks

[moloch--]

Yea i've been meaning to get on this for a little while, there's also the new 'strict-dynamic' script-src which is pretty interesting.