On Wed, Oct 8, 2014 at 11:36 AM, Peter Lepeska <bizzbys...@gmail.com> wrote:
> Does this have implications for resource hints? Do we want the ability to > specify “noreferrer” for prerendered pages? Currently noreferrer only > applies to the <a> tag. My understanding is that you set a global policy, which would apply to all requests: https://w3c.github.io/webappsec/specs/content-security-policy/#directive-referrer e.g. Content-Security-Policy: referrer no-referrer; (or equivalent meta element) ig