window.performance

Performance API

October 1, 2020
Abuse: window.performance
Category: Attack
Defenses: SameSite Cookies, CORB

The Performance API provides access to performance-related information, enhanced by data from the Resource Timing API, which provides the timings of network requests such as the duration. When the server sends a Timing-Allow-Origin: * header, the transfer size and domain lookup time are also provided. This data can be accessed by using performance.getEntries or performance.getEntriesByName. It can also be used to get the execution time using the difference of performance. ...