@Malvoz can you please open a single issue in RFCs called "Security headers" with all of these?
We can then decide if it makes sense to split them or just have one rule that checks for all of these.
Cross-Origin-Resource-Policy - enables authors to prevent other domains from loading resources by restricting any kind of cross-origin load to protect themselves against Spectre attacks. This header was originally named From-Origin. Available in Safari 12.
Cross-Origin-Window-Policy - prevents third-parties from opening/controlling a window (relates to the rel="noopener" check, I think). In Safari 12 this was implemented and renamed from Cross-Origin-Options.
Expect-CT
Feature-Policy
Non-standard:
X-Download-Options for IE 8, support suggested for MS Edge.
X-Permitted-Cross-Domain-Policies, considered a top-10 security header at OWASP.
If you want these as separate issues at webhintio/rfcs just let me know and I'll get to it.