Hacker News new | ask | show | jobs
by masklinn 973 days ago
Modern browsers will straight up tell the server the resource is being loaded from an iframe via Sec-Fetch-Dest.