CSP policy questions

eader are present in /an HTTP response/..." So does that mean that that "Policy Refinements with Multiple Headers" doesn't apply to the scenario in this message? Or is "policy refinement" intended to apply in the above case (and similar ones)? thanks, =JeffH ___ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security

fyi: Preloaded STS list (in chrome)

Subject: Re: [TLS] fyi: paper on compelled, certificate creation attack and applicable appliance From: Adam Langley Date: Thu, 25 Mar 2010 13:57:47 -0400 (10:57 PDT) To: Yoav Nir Cc: Peter Gutmann , "cer...@ietf.org" , "t...@ietf.org" , "jeff.hod...@kingsmountain.com" O

fyi: Strict Transport Security (STS) specification

Of possible interest to dev-security@lists.mozilla.org denizens... [ note also that NoScript implements the (draft) STS spec as of version 1.9.8.9 ] --- Forwarded Message Date:Fri, 18 Sep 2009 18:00:50 -0700 From:=JeffH To: public-weba...@w3.org cc: Jeff Hodges