AntiXSLeaks

A extension to prevent XS-Leaks,
Sets secure default headers and more! (https://w3c.github.io/webappsec-post-spectre-webdev/)

Dont allow cross origin to access the window reference,
as this can leak the window length and navigation timings.
Make iframe embeds opt in (Prevents click jacking).
Block cross origin Initiator if its a protected origin (User must directly vist the origin),
Stops XS-Search attacks and URL based refected XSS.
Block hash navigations
Confirm cross-site navigations (Prevents attacks with SameSite Lax cookies and malicious subdomains)
Attempts to prevent acesss to insecure resources (like internal)

Known issues

If a protected origin redirects to a URL based XSS on the same-origin it will be allowed.

This extension uses webRequestBlocking since blocking is based on the headers received.
In order to do this the extension must be force installed with manifestv3.json when using Manifest v3
https://developer.chrome.com/docs/extensions/mv3/intro/mv3-migration/#when-use-blocking-webrequest

This extension should be installed with manifest-firefox.json

Name		Name	Last commit message	Last commit date
Latest commit History 152 Commits
CNAME		CNAME
LICENSE		LICENSE
README.md		README.md
background.js		background.js
confirm.html		confirm.html
confirm.js		confirm.js
firefox.js		firefox.js
manifest-chrome.json		manifest-chrome.json
manifest-firefox.json		manifest-firefox.json
manifestv3.json		manifestv3.json