BTW if JS is of we can use <meta http-equiv Set Cookie>
Content-Security-Policy: can-set-cookies-for-parent-domain: no!
There's no harm in letting haxx0r.blogspot.com set cookies for haxx0r.blogspot.com. It's only cookies for blogspot.com that should be restricted.
Content-Security-Policy: can-set-cookies-for-parent-domain: no!
There's no harm in letting haxx0r.blogspot.com set cookies for haxx0r.blogspot.com. It's only cookies for blogspot.com that should be restricted.