Opt-In Mechanisms
There are many different opt-in mechanisms that applications can deploy to defend against XS-Leaks. Note that mechanisms can overlap in terms of the techniques they defend against.
- Fetch Metadata allows the application to determine how and why a request was initiated so that it can choose to reject any malicious requests.
- Cross-Origin-Opener-Policy allows an application to prevent other websites from interacting with it via `window.open` or `window.opener`.
- Cross-Origin-Resource-Policy allows an application to prevent other sites from including specific resources.
- Framing Protections allow an application to define what sites are allowed to frame it.
- SameSite Cookies allow an application to determine which requests from third-party sites can include cookies.
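
As an added illustration (not code from the original page), the sketch below shows how the five mechanisms can sit together in one request handler: a Fetch Metadata check that rejects cross-site subresource requests, followed by response headers that opt in to the other four. The function names, the header values chosen (`same-origin`, `frame-ancestors 'self'`, `SameSite=Lax`) and the sample session value are assumptions made for the example; an application picks the values that match its own embedding and cookie needs.

```python
# Added example: framework-neutral sketch, names and sample values are constructed.

def is_allowed(headers, method="GET"):
    """Fetch Metadata resource isolation check; header names are lowercase."""
    site = headers.get("sec-fetch-site")
    # Browsers without Fetch Metadata support send no header: allow them.
    if site is None:
        return True
    # Same-origin, same-site and direct user actions (address bar, bookmark).
    if site in ("same-origin", "same-site", "none"):
        return True
    # Cross-site: only plain top-level GET navigations, never <object>/<embed>.
    # Cross-site iframes pass here and are handled by the framing headers below.
    if (headers.get("sec-fetch-mode") == "navigate" and method == "GET"
            and headers.get("sec-fetch-dest") not in ("object", "embed")):
        return True
    return False


def defensive_headers(session_id):
    """Response headers opting in to the remaining four mechanisms."""
    return [
        # Cut window.open / window.opener references held by other origins.
        ("Cross-Origin-Opener-Policy", "same-origin"),
        # Refuse inclusion of this resource by other origins.
        ("Cross-Origin-Resource-Policy", "same-origin"),
        # Framing protections: CSP frame-ancestors plus the legacy header.
        ("Content-Security-Policy", "frame-ancestors 'self'"),
        ("X-Frame-Options", "SAMEORIGIN"),
        # SameSite cookie: not attached to cross-site subresource requests.
        ("Set-Cookie",
         f"session={session_id}; Secure; HttpOnly; SameSite=Lax"),
    ]


def handle(headers, method="GET", session_id="constructed-session-id"):
    """Return (status, response_headers) for one request."""
    if not is_allowed(headers, method):
        return 403, []
    return 200, defensive_headers(session_id)
```
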