On 4/8/09 1:49 PM, Brandon Sterne wrote:
If sites are relying on CSP for XSS protection, then perhaps they would
want to serve only "trusted content" to non-CSP users.
Additionally, knowing the portion of users whose browsers enforce CSP
(and thus are benefiting from the minimal effort put into serving a CSP
header) might be an interesting metric that web admins can present to
their managers. ;)
-Sid
_______________________________________________
dev-security mailing list
https://lists.mozilla.org/listinfo/dev-security