undecidabot | 6 years ago

Nice list. You might want to consider setting a "Referrer-Policy"[1] for sites with URLs that you'd prefer not to leak.

Also, for "Set-Cookie", the relatively new "SameSite"[2] directive would be a good addition for most sites.

Oh, and for CSP, check Google's evaluator out[3].

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Re...

[2] https://www.owasp.org/index.php/SameSite

[3] https://csp-evaluator.withgoogle.com

will4274 | 6 years ago

Referrer-Policy is nice, but browsers should just default to strict-origin-when-cross-origin and end the mess.
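The two comments above turn on how a `Referrer-Policy` value decides what gets sent, and on which response headers (`Referrer-Policy`, `SameSite` on `Set-Cookie`, CSP) a site should be shipping. The following is an added example, not code from either commenter: `compute_referrer` applies the standard policy rules (same-origin, cross-origin and HTTPS-to-HTTP downgrade) to a source and destination URL, treating an unset policy as `strict-origin-when-cross-origin`, which is the value the major browsers now default to, and `audit_headers` flags the missing or weak headers on a constructed sample response. The header lists and URLs are constructed sample data.

```python
from urllib.parse import urlsplit, urlunsplit

# Added example: what a browser sends as the Referer under each Referrer-Policy value.
# Unset policy is treated as strict-origin-when-cross-origin (the current browser default).

def _full(url: str) -> str:
    """Referrer form of a URL: drop userinfo and fragment, keep path and query."""
    p = urlsplit(url)
    host = p.hostname or ""
    if p.port:
        host += f":{p.port}"
    return urlunsplit((p.scheme, host, p.path, p.query, ""))


def _origin(url: str) -> str:
    """Origin form of a URL: scheme://host[:port]/ with no path or query."""
    p = urlsplit(url)
    host = p.hostname or ""
    if p.port:
        host += f":{p.port}"
    return f"{p.scheme}://{host}/"


def compute_referrer(policy: str, source: str, destination: str):
    """Return the referrer string sent for a navigation, or None if none is sent."""
    policy = (policy or "strict-origin-when-cross-origin").strip().lower()
    same_origin = _origin(source) == _origin(destination)
    # A downgrade is a TLS-protected source navigating to a non-TLS destination.
    downgrade = urlsplit(source).scheme == "https" and urlsplit(destination).scheme == "http"

    if policy == "no-referrer":
        return None
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else _full(source)
    if policy == "origin":
        return _origin(source)
    if policy == "origin-when-cross-origin":
        return _full(source) if same_origin else _origin(source)
    if policy == "same-origin":
        return _full(source) if same_origin else None
    if policy == "strict-origin":
        return None if downgrade else _origin(source)
    if policy == "strict-origin-when-cross-origin":
        if same_origin:
            return _full(source)
        return None if downgrade else _origin(source)
    if policy == "unsafe-url":
        return _full(source)
    raise ValueError(f"unknown Referrer-Policy value: {policy!r}")


def audit_headers(headers):
    """Check a list of (name, value) response headers for the points raised above."""
    findings = []
    names = {name.lower() for name, _ in headers}
    if "referrer-policy" not in names:
        findings.append("missing Referrer-Policy header")
    if "content-security-policy" not in names:
        findings.append("missing Content-Security-Policy header")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in value.split(";")[1:]]
        if not any(a.startswith("samesite=") for a in attrs):
            findings.append(f"cookie {cookie_name!r} has no SameSite attribute")
        elif "samesite=none" in attrs and "secure" not in attrs:
            # Browsers reject SameSite=None cookies that are not also Secure.
            findings.append(f"cookie {cookie_name!r} is SameSite=None without Secure")
    return findings


# Constructed sample responses: a weak one and a hardened one.
WEAK_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "pref=dark; Path=/; SameSite=Lax"),
]
HARDENED_HEADERS = [
    ("Content-Type", "text/html"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
    ("Content-Security-Policy", "default-src 'self'"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"),
]

if __name__ == "__main__":
    src = "https://app.example/account?id=7#section"
    for dest in ("https://app.example/help", "https://other.example/", "http://other.example/"):
        print(dest, "->", compute_referrer("strict-origin-when-cross-origin", src, dest))
    print("weak:", audit_headers(WEAK_HEADERS))
    print("hardened:", audit_headers(HARDENED_HEADERS))
```

Running the block shows the point of the second comment: under `strict-origin-when-cross-origin` the full path and query only reach same-origin pages, cross-origin HTTPS targets see just the origin, and an HTTP target sees nothing, whereas `unsafe-url` or `no-referrer-when-downgrade` would hand the `?id=7` query to a cross-origin site.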