mirror of
https://git.sr.ht/~seirdy/seirdy.one
synced 2024-11-09 16:02:10 +00:00
Drop x-dns-prefetch-control header
Non-standard header of dubious merit, since my site shouldn't do prefetching in the first place.
This commit is contained in:
parent
b342b803e6
commit
695239681b
2 changed files with 0 additions and 4 deletions
|
@ -81,8 +81,6 @@ By default, web browsers may share arbitrary information with a server through H
|
|||
|
||||
By default, web browsers can share near-arbitrary identifying data with a server by executing near-arbitrary JavaScript, or store this information for future transmission. I have disabled this behavior with a "Content-Security-Policy" HTTP header that forbids script loading ("script-src: none"), script execution ("sandbox"), and making connections for any purpose other than downloading a page a user navigated to ("connect-src").
|
||||
|
||||
By default, web browsers may "pre-fetch" DNS queries for links on a page, potentially leaking information to third parties without a user's consent; I have disabled this behavior with the "X-DNS-Prefetch-Control" header. This header is respected by Chromium, Firefox, and Chromium derivatives (e.g. Google Chrome, Microsoft Edge).
|
||||
|
||||
By default, user agents using HTTPS may contact a certificate authority to check the revocation status of an TLS certificate. I have disabled and replaced this behavior by including an "OCSP Must-Staple" directive in the TLS certificates used by my Web servers.
|
||||
|
||||
By default, user agents using HTTP or HTTPS may share a "referring" location with the destination website when following a link. I have disabled this by sending a "Referrer-Policy: no-referrer" header.
|
||||
|
|
|
@ -87,8 +87,6 @@ By default, web browsers may share arbitrary information with a server through H
|
|||
|
||||
By default, web browsers can share near-arbitrary identifying data with a server by executing near-arbitrary JavaScript, or store this information for future transmission. I have disabled this behavior with a `Content-Security-Policy` HTTP header that forbids script loading (`script-src: none`), script execution (`sandbox`), and making connections for any purpose other than downloading a page a user navigated to (`connect-src`).
|
||||
|
||||
By default, web browsers may "pre-fetch" DNS queries for links on a page, potentially leaking information to third parties without a user's consent; I have disabled this behavior with the <code>X-DNS-Prefetch-<wbr />Control</code> header. This header is respected by Chromium, Firefox, and Chromium derivatives (e.g. Google Chrome, Microsoft Edge).
|
||||
|
||||
By default, user agents using HTTPS may contact a certificate authority to check the revocation status of an TLS certificate. I have disabled and replaced this behavior by including an "OCSP Must-Staple" directive in the TLS certificates used by my Web servers.
|
||||
|
||||
By default, user agents using HTTP or HTTPS may share a "referring" location with the destination website when following a link. I have disabled this by sending a `Referrer-Policy: no-referrer` header.
|
||||
|
|
Loading…
Reference in a new issue