Opt-In Mechanisms #
There are many different opt-in mechanisms that applications can deploy to defend against XS-Leaks. Note that mechanisms can overlap in terms of the techniques they defend against.
- Fetch Metadata allows the application to determine how and why a request was initiated so that it can choose to reject any malicious requests.
- Cross-Origin-Opener-Policy allows an application to prevent other websites from interacting with it via
- Cross-Origin-Resource-Policy allows an application to prevent other sites from including specific resources.
- Framing Protections allow an application to define what sites are allowed to frame it.
- SameSite Cookies allow an application to determine which requests from third party sites can include cookies.