1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-10 00:12:09 +00:00

Privacy policy supplemental info: mention X-DNS-Prefetch-Control

This commit is contained in:
Rohan Kumar 2022-08-13 14:06:03 -07:00
parent 679feb8f5c
commit 521ad5bf9b
No known key found for this signature in database
GPG key ID: 1E892DB2A5F84479

View file

@ -101,6 +101,8 @@ By default, web browsers can share near-arbitrary identifying data with a server
By default, user agents using HTTPS may contact a certificate authority to check the revocation status of an TLS certificate. I have disabled and replaced this behavior by including an "OCSP Must-Staple" directive in the TLS certificates used by my Web servers. By default, user agents using HTTPS may contact a certificate authority to check the revocation status of an TLS certificate. I have disabled and replaced this behavior by including an "OCSP Must-Staple" directive in the TLS certificates used by my Web servers.
By default, web browsers can speculatively make DNS queries for domains linked on a page, potentially leaking information about the current page to a DNS server. I send an `X-DNS-Prefetch-Control: off` header to disable this when possible; it's respected by Chromium, Firefox, and derivatives.
By default, user agents using HTTP or HTTPS may share a "referring" location with the destination website when following a link. I have disabled this by sending a `Referrer-Policy: no-referrer` header. One exception is links on the home page's "Webrings" section; some of these require a referring domain to function. By default, user agents using HTTP or HTTPS may share a "referring" location with the destination website when following a link. I have disabled this by sending a `Referrer-Policy: no-referrer` header. One exception is links on the home page's "Webrings" section; some of these require a referring domain to function.
By default, Web browsers may share characteristics about the user's hardware, connection type, and personalizations using Client Hints and media queries. Browsers may request Web content conditionally, in response to a `media` attribute in (X)HTML documents. Browsers may leverage stylesheets that use media queries to select varying `background-image` files. No Web content on seirdy.one will send network traffic in response to media queries except <code>prefers-color-<wbr />scheme</code>, assuming the use of a standards-compliant browser. Media queries and client hints will have no impact on HTTP responses except for dark image variants. This is a single binary piece of information that isn't enough to let me realistically identify anyone. By default, Web browsers may share characteristics about the user's hardware, connection type, and personalizations using Client Hints and media queries. Browsers may request Web content conditionally, in response to a `media` attribute in (X)HTML documents. Browsers may leverage stylesheets that use media queries to select varying `background-image` files. No Web content on seirdy.one will send network traffic in response to media queries except <code>prefers-color-<wbr />scheme</code>, assuming the use of a standards-compliant browser. Media queries and client hints will have no impact on HTTP responses except for dark image variants. This is a single binary piece of information that isn't enough to let me realistically identify anyone.