Opt-In Mechanisms

There are many different opt-in mechanisms that applications can deploy to defend against XS-Leaks. Note that mechanisms can overlap in terms of the techniques they defend against.

  • Fetch Metadata allows the application to determine how and why a request was initiated so that it can choose to reject any malicious requests.
  • Cross-Origin-Opener-Policy allows an application to prevent other websites from interacting with it via window.open or window.opener.
  • Cross-Origin-Resource-Policy allows an application to prevent other sites from including specific resources.
  • Framing Protections allow an application to define what sites are allowed to frame it.
  • SameSite Cookies allow an application to determine which requests from third-party sites can include cookies.
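
The following added example (not part of the original page) shows how the five mechanisms can sit together in one application: a Fetch Metadata check on the incoming request, plus response headers for the other four. The function names, the constructed sample requests and the strict values chosen (`same-origin`, `'self'`, `Lax`) are assumptions for illustration.

```python
# Added example: framework-neutral helpers. Function names and the strict
# values chosen below are assumptions, not taken from the page.

SAFE_SITES = {"same-origin", "same-site", "none"}  # "none" = user-initiated


def allow_request(method, headers):
    """Fetch Metadata resource isolation policy: True means serve the request."""
    h = {k.lower(): v for k, v in headers.items()}
    site = h.get("sec-fetch-site")
    # Browsers without Fetch Metadata send no header: allow rather than break them.
    if site is None:
        return True
    if site in SAFE_SITES:
        return True
    # Cross-site: only plain top-level GET navigations, never <object>/<embed>.
    # Cross-site framing also arrives as a navigation; it is left to the
    # framing headers below, which is one place the mechanisms overlap.
    return (method == "GET"
            and h.get("sec-fetch-mode") == "navigate"
            and h.get("sec-fetch-dest") not in ("object", "embed"))


def protective_headers(session_id):
    """Response headers opting in to the other four mechanisms."""
    return [
        # Sever window.open / window.opener references from other origins.
        ("Cross-Origin-Opener-Policy", "same-origin"),
        # Stop other sites from including this resource (img, script, ...).
        ("Cross-Origin-Resource-Policy", "same-origin"),
        # Framing protections: CSP plus the legacy header for older browsers.
        ("Content-Security-Policy", "frame-ancestors 'self'"),
        ("X-Frame-Options", "SAMEORIGIN"),
        # Cookie is withheld from cross-site subresource and POST requests.
        ("Set-Cookie",
         f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"),
        # Responses differ by Fetch Metadata, so caches must key on it.
        ("Vary", "Sec-Fetch-Site, Sec-Fetch-Mode, Sec-Fetch-Dest"),
    ]


if __name__ == "__main__":
    # Constructed sample: a cross-site <img> load of an authenticated endpoint.
    img = {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "no-cors",
           "Sec-Fetch-Dest": "image"}
    print("cross-site image allowed:", allow_request("GET", img))
    for name, value in protective_headers("constructed-session-id"):
        print(f"{name}: {value}")
```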