[guardian-dev] Fwd: Re: [Guardian-internal] quick question about content security headers

Cédric Jeanneret guardian at ethack.org
Fri Aug 15 07:27:58 EDT 2014


Heya,

maybe this can give a first hint?
http://www.reddit.com/r/netsec/comments/2djtkt/deanonymizing_facebook_users_by_csp_bruteforcing/

Cheers,

C.


(sorry, I sent it to Harlo directly -.-. Missing "reply-to" field in here)

On 08/15/2014 12:57 PM, Harlo Holmes wrote:
> Good point, HC. Do any of you have any experience with this?
> 
> does anyone know if content security policy headers are properly
> acknowledged by all browsers?  (i.e. would chrome's pre-fetching behavior
> make that header less effective?)
> ---------- Forwarded message ----------
> From: "Hans-Christoph Steiner" <hans at guardianproject.info>
> Date: Aug 14, 2014 5:09 PM
> Subject: Re: [Guardian-internal] quick question about content security
> headers
> To: <guardian-internal at lists.mayfirst.org>
> Cc:
> 
> 
> Sounds like a good question for guardian-dev.  I don't know the answer to
> that...
> 
> .hc
> 
> Harlo Holmes wrote:
>> does anyone know if content security policy headers are properly
>> acknowledged by all browsers?  (i.e. would chrome's pre-fetching behavior
>> make that header less effective?)
>>
>> thanks!
>> harlo
>>
>> ++++++++++++++++++++++++++
>> Research Fellow, Head of Metadata
>> The Guardian Project <https://guardianproject.info>
>>
>> pgp: 0xA4469630
>> twitter: @harlo
>>
>>
>>
>> _______________________________________________
>> Guardian-internal mailing list
>>
>> Post: Guardian-internal at lists.mayfirst.org
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-internal
>>
>> To Unsubscribe
>>         Send email to:  Guardian-internal-unsubscribe at lists.mayfirst.org
>>         Or visit: %(user_optionsurl)s
>>
>> You are subscribed as: %(user_address)s
>>
> 
> --
> PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
> _______________________________________________
> Guardian-internal mailing list
> 
> Post: Guardian-internal at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-internal
> 
> To Unsubscribe
>         Send email to:  Guardian-internal-unsubscribe at lists.mayfirst.org
>         Or visit: %(user_optionsurl)s
> 
> You are subscribed as: %(user_address)s
> 
> 
> 
> _______________________________________________
> Guardian-dev mailing list
> 
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> 
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/guardian%40ethack.org
> 
> You are subscribed as: guardian at ethack.org
> 


More information about the Guardian-dev mailing list