From 521ad5bf9b46779da8890823cc890ba2cf41cebf Mon Sep 17 00:00:00 2001 From: Rohan Kumar Date: Sat, 13 Aug 2022 14:06:03 -0700 Subject: [PATCH] Privacy policy supplemental info: mention X-DNS-Prefetch-Control --- content/meta/privacy.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/meta/privacy.md b/content/meta/privacy.md index 37999c8..5990f47 100644 --- a/content/meta/privacy.md +++ b/content/meta/privacy.md 
@@ -101,6 +101,8 @@ By default, web browsers can share near-arbitrary identifying data with a server By default, user agents using HTTPS may contact a certificate authority to check the revocation status of an TLS certificate. I have disabled and replaced this behavior by including an "OCSP Must-Staple" directive in the TLS certificates used by my Web servers. +By default, web browsers can speculatively make DNS queries for domains linked on a page, potentially leaking information about the current page to a DNS server. I send an `X-DNS-Prefetch-Control: off` header to disable this when possible; it's respected by Chromium, Firefox, and derivatives. + By default, user agents using HTTP or HTTPS may share a "referring" location with the destination website when following a link. I have disabled this by sending a `Referrer-Policy: no-referrer` header. One exception is links on the home page's "Webrings" section; some of these require a referring domain to function. By default, Web browsers may share characteristics about the user's hardware, connection type, and personalizations using Client Hints and media queries. Browsers may request Web content conditionally, in response to a `media` attribute in (X)HTML documents. Browsers may leverage stylesheets that use media queries to select varying `background-image` files. No Web content on seirdy.one will send network traffic in response to media queries except prefers-color-scheme, assuming the use of a standards-compliant browser. Media queries and client hints will have no impact on HTTP responses except for dark image variants. This is a single binary piece of information that isn't enough to let me realistically identify anyone.
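Review bot: "when possible" in the added X-DNS-Prefetch-Control paragraph is ambiguous. It can be read as "the header is only sent on some responses" or as "the header is always sent but only some browsers honor it". The following clause ("it's respected by Chromium, Firefox, and derivatives") suggests the second reading, so consider saying that directly and stating that browsers outside that list may still prefetch DNS for linked domains. The media-query paragraph already scopes its claim this way with "assuming the use of a standards-compliant browser". Also note that this commit touches only content/meta/privacy.md (1 file changed, 2 insertions), so the server configuration that sends the header is not part of the change and cannot be checked against the policy text here. If the header was added in another commit, referencing it in the commit message would make the claim verifiable.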