unsafe-url: The referrer will include the origin and the path (but not the fragment, password, or username).strict-origin-when-cross-origin (default): Send a full URL when performing a same-origin request, only send the origin when the protocol security level stays the same (HTTPS→HTTPS), and send no header to a less secure destination (HTTPS→HTTP).strict-origin: Only send the origin of the document as the referrer when the protocol security level stays the same (HTTPS→HTTPS), but don't send it to a less secure destination (HTTPS→HTTP).same-origin: A referrer will be sent for same origin, but cross-origin requests will contain no referrer information.Navigations on the same origin will still include the path. origin-when-cross-origin: The referrer sent to other origins will be limited to the scheme, the host, and the port.origin: The sent referrer will be limited to the origin of the referring page: its scheme, host, and port.no-referrer-when-downgrade: The Referer header will not be sent to origins without TLS ( HTTPS).no-referrer: The Referer header will not be sent.Indicates which referrer to send when fetching the frame's resource: This can be used in the target attribute of the, , or elements the formtarget attribute of the or elements or the windowName parameter in the window.open() method. lazy: Defer loading of the iframe until it reaches a calculated distance from the viewport, as defined by the browser.Ī targetable name for the embedded browsing context.eager: Load the iframe immediately, regardless if it is outside the visible viewport (this is the default value).Indicates how the browser should load the iframe: csp ExperimentalĪ Content Security Policy enforced for the embedded resource. See IFrame credentialless for more details. In return, the Cross-Origin-Embedder-Policy (COEP) embedding rules can be lifted, so documents with COEP set can embed third-party documents that do not. It uses a new context local to the top-level document lifetime. ![]() It doesn't have access to the network, cookies, and storage data associated with its origin. Set to true to make the credentialless, meaning that its content will be loaded in a new, ephemeral context. Note: This attribute is considered a legacy attribute and redefined as allow="payment". Allowing cross-origin use of images and canvas.HTML table advanced features and accessibility.From object to iframe - other embedding technologies.Assessment: Structuring a page of content.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |