by hdhzy
3315 days ago
> X-XSS-Protection: 1 is the default since a long time for browsers supporting it and Chrome blocks by default since two releases.

Do you have references to back this up?

> Referrer-Policy is a matter of choice. It's useful information for the target site as long as the referrer doesn't contain sensitive information. IMO, most sites shouldn't set this header.

Exactly. I think its primary use is when the original site's URL contains user-supplied input, like the Google Search page.