René's URL Explorer Experiment


Title: Keeping Data Private | Web Browser Engineering

Generator: pandoc

direct link

Domain: browser.engineering

color-schemedark light

Links:

Twitterhttps://twitter.com/browserbook
Bloghttps://browserbook.substack.com/
Discussionshttps://github.com/browserengineering/book/discussions
Web Browser Engineeringhttps://browser.engineering/index.html
<https://browser.engineering/scripts.html
>https://browser.engineering/visual-effects.html
Buy a copy »https://global.oup.com/academic/product/web-browser-engineering-9780198913863
Buy a copy »https://global.oup.com/academic/product/web-browser-engineering-9780198913863
Cookieshttps://browser.engineering/security.html#cookies
A Login Systemhttps://browser.engineering/security.html#a-login-system
Implementing Cookieshttps://browser.engineering/security.html#implementing-cookies
Cross-site Requestshttps://browser.engineering/security.html#cross-site-requests
Same-origin Policyhttps://browser.engineering/security.html#same-origin-policy
Cross-site Request Forgeryhttps://browser.engineering/security.html#cross-site-request-forgery
SameSite Cookieshttps://browser.engineering/security.html#samesite-cookies
Cross-site Scriptinghttps://browser.engineering/security.html#cross-site-scripting
Content Security Policyhttps://browser.engineering/security.html#content-security-policy
Summaryhttps://browser.engineering/security.html#summary
Outlinehttps://browser.engineering/security.html#outline
Exerciseshttps://browser.engineering/security.html#exercises
https://browser.engineering/security.html#cb3-1
https://browser.engineering/security.html#cb3-2
https://browser.engineering/security.html#cb3-3
https://browser.engineering/security.html#cb3-4
https://browser.engineering/security.html#cb3-5
https://browser.engineering/security.html#cb3-6
https://browser.engineering/security.html#cb3-7
https://browser.engineering/security.html#cb3-8
https://browser.engineering/security.html#cb3-9
https://browser.engineering/security.html#cb4-1
https://browser.engineering/security.html#cb4-2
https://browser.engineering/security.html#cb4-3
https://browser.engineering/security.html#cb4-4
https://browser.engineering/security.html#cb4-5
https://browser.engineering/security.html#cb4-6
https://browser.engineering/security.html#cb5-1
https://browser.engineering/security.html#cb5-2
https://browser.engineering/security.html#cb5-3
https://browser.engineering/security.html#cb5-4
https://browser.engineering/security.html#cb5-5
https://browser.engineering/security.html#cb5-6
https://browser.engineering/security.html#cb5-7
https://browser.engineering/security.html#cb6-1
https://browser.engineering/security.html#cb6-2
https://browser.engineering/security.html#cb6-3
https://browser.engineering/security.html#cb6-4
https://browser.engineering/security.html#cb6-5
https://browser.engineering/security.html#cb6-6
https://browser.engineering/security.html#cb6-7
https://browser.engineering/security.html#cb6-8
https://browser.engineering/security.html#cb6-9
original specificationhttps://curl.se/rfc/cookie_spec.html
Wikipediahttps://en.wikipedia.org/wiki/Magic_cookie
X11https://en.wikipedia.org/wiki/X_Window_authorization#Cookie-based_access
https://browser.engineering/security.html#cb7-1
https://browser.engineering/security.html#cb7-2
https://browser.engineering/security.html#cb7-3
https://browser.engineering/security.html#cb7-4
https://browser.engineering/security.html#cb8-1
https://browser.engineering/security.html#cb8-2
https://browser.engineering/security.html#cb8-3
https://browser.engineering/security.html#cb8-4
https://browser.engineering/security.html#cb8-5
Exercise 10-1https://browser.engineering/security.html#exercises
https://browser.engineering/security.html#cb9-1
https://browser.engineering/security.html#cb9-2
https://browser.engineering/security.html#cb9-3
https://browser.engineering/security.html#cb9-4
https://browser.engineering/security.html#cb9-5
https://browser.engineering/security.html#cb9-6
https://browser.engineering/security.html#cb9-7
https://browser.engineering/security.html#cb9-8
https://browser.engineering/security.html#cb10-1
https://browser.engineering/security.html#cb10-2
https://browser.engineering/security.html#cb10-3
https://browser.engineering/security.html#cb10-4
https://browser.engineering/security.html#cb10-5
https://browser.engineering/security.html#cb10-6
timing side channelhttps://en.wikipedia.org/wiki/Timing_attack
constant-time string comparisonhttps://www.chosenplaintext.ca/articles/beginners-guide-constant-time-cryptography.html
https://browser.engineering/security.html#cb11-1
https://browser.engineering/security.html#cb11-2
https://browser.engineering/security.html#cb11-3
https://browser.engineering/security.html#cb11-4
https://browser.engineering/security.html#cb11-5
https://browser.engineering/security.html#cb11-6
https://browser.engineering/security.html#cb11-7
https://browser.engineering/security.html#cb11-8
https://browser.engineering/security.html#cb11-9
https://browser.engineering/security.html#cb11-10
https://browser.engineering/security.html#cb12-1
https://browser.engineering/security.html#cb12-2
https://browser.engineering/security.html#cb12-3
https://browser.engineering/security.html#cb12-4
https://browser.engineering/security.html#cb12-5
https://browser.engineering/security.html#cb12-6
https://browser.engineering/security.html#cb12-7
https://browser.engineering/security.html#cb12-8
https://browser.engineering/security.html#cb12-9
https://browser.engineering/security.html#cb12-10
https://browser.engineering/security.html#cb12-11
https://browser.engineering/security.html#cb13-1
https://browser.engineering/security.html#cb13-2
https://browser.engineering/security.html#cb13-3
https://browser.engineering/security.html#cb13-4
Hack the Planet!https://xkcd.com/1337
https://browser.engineering/security.html#cb14-1
https://browser.engineering/security.html#cb14-2
https://browser.engineering/security.html#cb14-3
https://browser.engineering/security.html#cb14-4
https://browser.engineering/security.html#cb15-1
https://browser.engineering/security.html#cb15-2
https://browser.engineering/security.html#cb15-3
https://browser.engineering/security.html#cb15-4
https://browser.engineering/security.html#cb15-5
https://browser.engineering/security.html#cb15-6
bcrypthttps://auth0.com/blog/hashing-in-action-understanding-bcrypt/
TLS client certificateshttps://aboutssl.org/ssl-tls-client-authentication-how-does-it-works/
HTTP authenticationhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication
https://browser.engineering/security.html#cb16-1
https://browser.engineering/security.html#cb17-1
https://browser.engineering/security.html#cb17-2
https://browser.engineering/security.html#cb17-3
https://browser.engineering/security.html#cb17-4
https://browser.engineering/security.html#cb17-5
https://browser.engineering/security.html#cb17-6
https://browser.engineering/security.html#cb17-7
https://browser.engineering/security.html#cb18-1
https://browser.engineering/security.html#cb18-2
https://browser.engineering/security.html#cb18-3
https://browser.engineering/security.html#cb18-4
https://browser.engineering/security.html#cb18-5
https://browser.engineering/security.html#cb18-6
https://browser.engineering/security.html#cb18-7
RFC 2965https://datatracker.ietf.org/doc/html/rfc2965
obsoletehttps://datatracker.ietf.org/doc/html/rfc6265
historicalhttps://en.wikipedia.org/wiki/XMLHttpRequest#History
deprecation and obsolescencehttps://xhr.spec.whatwg.org/#the-open()-method
https://browser.engineering/security.html#cb19-1
https://browser.engineering/security.html#cb19-2
https://browser.engineering/security.html#cb19-3
https://browser.engineering/security.html#cb19-4
https://browser.engineering/security.html#cb20-1
https://browser.engineering/security.html#cb20-2
https://browser.engineering/security.html#cb20-3
https://browser.engineering/security.html#cb20-4
https://browser.engineering/security.html#cb20-5
https://browser.engineering/security.html#cb20-6
https://browser.engineering/security.html#cb20-7
https://browser.engineering/security.html#cb21-1
https://browser.engineering/security.html#cb21-2
https://browser.engineering/security.html#cb21-3
https://browser.engineering/security.html#cb21-4
https://browser.engineering/security.html#cb22-1
https://browser.engineering/security.html#cb22-2
https://browser.engineering/security.html#cb22-3
https://browser.engineering/security.html#cb22-4
https://browser.engineering/security.html#cb22-5
fetchhttps://developer.mozilla.org/en-US/docs/Web/API/fetch
setRequestHeaderhttps://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/setRequestHeader
getResponseHeaderhttps://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/getResponseHeader
requesthttps://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name
responsehttps://developer.mozilla.org/en-US/docs/Glossary/Forbidden_response_header_name
https://browser.engineering/security.html#cb23-1
https://browser.engineering/security.html#cb23-2
https://browser.engineering/security.html#cb23-3
https://browser.engineering/security.html#cb23-4
same-origin policyhttps://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
https://browser.engineering/security.html#cb24-1
https://browser.engineering/security.html#cb24-2
https://browser.engineering/security.html#cb24-3
https://browser.engineering/security.html#cb24-4
https://browser.engineering/security.html#cb24-5
https://browser.engineering/security.html#cb24-6
https://browser.engineering/security.html#cb25-1
https://browser.engineering/security.html#cb25-2
https://browser.engineering/security.html#cb25-3
drawImage methodhttps://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/drawImage
getImageDatahttps://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/getImageData
taintshttps://developer.mozilla.org/en-US/docs/Web/HTML/CORS_enabled_image
https://browser.engineering/security.html#cb26-1
https://browser.engineering/security.html#cb26-2
https://browser.engineering/security.html#cb26-3
https://browser.engineering/security.html#cb26-4
https://browser.engineering/security.html#cb27-1
https://browser.engineering/security.html#cb27-2
https://browser.engineering/security.html#cb27-3
https://browser.engineering/security.html#cb27-4
https://browser.engineering/security.html#cb27-5
https://browser.engineering/security.html#cb27-6
https://browser.engineering/security.html#cb27-7
https://browser.engineering/security.html#cb28-1
https://browser.engineering/security.html#cb28-2
https://browser.engineering/security.html#cb28-3
https://browser.engineering/security.html#cb28-4
click-jackinghttps://owasp.org/www-community/attacks/Clickjacking
frame-ancestors directivehttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
X-Frame-Options headerhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
MDN pagehttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
https://browser.engineering/security.html#cb30-1
https://browser.engineering/security.html#cb30-2
https://browser.engineering/security.html#cb30-3
https://browser.engineering/security.html#cb30-4
https://browser.engineering/security.html#cb30-5
https://browser.engineering/security.html#cb30-6
https://browser.engineering/security.html#cb30-7
https://browser.engineering/security.html#cb30-8
https://browser.engineering/security.html#cb30-9
https://browser.engineering/security.html#cb30-10
https://browser.engineering/security.html#cb30-11
https://browser.engineering/security.html#cb30-12
https://browser.engineering/security.html#cb30-13
https://browser.engineering/security.html#cb31-1
https://browser.engineering/security.html#cb31-2
https://browser.engineering/security.html#cb31-3
https://browser.engineering/security.html#cb31-4
use the “top-level site”https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-2.1
https://browser.engineering/security.html#cb32-1
https://browser.engineering/security.html#cb32-2
https://browser.engineering/security.html#cb32-3
https://browser.engineering/security.html#cb33-1
https://browser.engineering/security.html#cb33-2
https://browser.engineering/security.html#cb33-3
https://browser.engineering/security.html#cb33-4
https://browser.engineering/security.html#cb34-1
https://browser.engineering/security.html#cb34-2
https://browser.engineering/security.html#cb34-3
https://browser.engineering/security.html#cb34-4
https://browser.engineering/security.html#cb34-5
https://browser.engineering/security.html#cb34-6
https://browser.engineering/security.html#cb34-7
https://browser.engineering/security.html#cb34-8
https://browser.engineering/security.html#cb34-9
https://browser.engineering/security.html#cb34-10
https://browser.engineering/security.html#cb34-11
https://browser.engineering/security.html#cb34-12
https://browser.engineering/security.html#cb34-13
https://browser.engineering/security.html#cb34-14
https://browser.engineering/security.html#cb34-15
https://browser.engineering/security.html#cb34-16
https://browser.engineering/security.html#cb34-17
https://browser.engineering/security.html#cb34-18
https://browser.engineering/security.html#cb34-19
https://browser.engineering/security.html#cb35-1
https://browser.engineering/security.html#cb35-2
https://browser.engineering/security.html#cb35-3
https://browser.engineering/security.html#cb35-4
https://browser.engineering/security.html#cb35-5
an effort to do just thathttps://github.com/sbingler/Origin-Bound-Cookies
https://browser.engineering/security.html#cb36-1
https://browser.engineering/security.html#cb36-2
https://browser.engineering/security.html#cb36-3
https://browser.engineering/security.html#cb36-4
https://browser.engineering/security.html#cb36-5
https://browser.engineering/security.html#cb36-6
https://browser.engineering/security.html#cb36-7
https://browser.engineering/security.html#cb36-8
https://browser.engineering/security.html#cb36-9
https://browser.engineering/security.html#cb36-10
https://browser.engineering/security.html#cb36-11
https://browser.engineering/security.html#cb37-1
https://browser.engineering/security.html#cb37-2
https://browser.engineering/security.html#cb37-3
https://browser.engineering/security.html#cb37-4
awkward patcheshttps://jakearchibald.com/2021/cors/
https://browser.engineering/security.html#cb38-1
https://browser.engineering/security.html#cb38-2
https://browser.engineering/security.html#cb39-1
https://browser.engineering/security.html#cb40-1
https://browser.engineering/security.html#cb40-2
document.cookiehttps://developer.mozilla.org/en-US/docs/Web/API/Document/cookie
https://browser.engineering/security.html#cb41-1
https://browser.engineering/security.html#cb41-2
https://browser.engineering/security.html#cb41-3
https://browser.engineering/security.html#cb41-4
https://browser.engineering/security.html#cb41-5
https://browser.engineering/security.html#cb41-6
https://browser.engineering/security.html#cb41-7
similar attackhttps://owasp.org/www-pdf-archive/OWASPLondon20161124_JSON_Hijacking_Gareth_Heyes.pdf
Cross-Origin Read Blockinghttps://chromium.googlesource.com/chromium/src/+/refs/heads/main/services/network/cross_origin_read_blocking_explainer.md
https://browser.engineering/security.html#cb43-1
https://browser.engineering/security.html#cb43-2
https://browser.engineering/security.html#cb43-3
https://browser.engineering/security.html#cb43-4
https://browser.engineering/security.html#cb44-1
https://browser.engineering/security.html#cb44-2
https://browser.engineering/security.html#cb44-3
https://browser.engineering/security.html#cb44-4
https://browser.engineering/security.html#cb44-5
https://browser.engineering/security.html#cb44-6
https://browser.engineering/security.html#cb44-7
https://browser.engineering/security.html#cb44-8
https://browser.engineering/security.html#cb44-9
https://browser.engineering/security.html#cb44-10
https://browser.engineering/security.html#cb44-11
https://browser.engineering/security.html#cb45-1
https://browser.engineering/security.html#cb45-2
https://browser.engineering/security.html#cb45-3
https://browser.engineering/security.html#cb45-4
https://browser.engineering/security.html#cb45-5
https://browser.engineering/security.html#cb45-6
https://browser.engineering/security.html#cb45-7
https://browser.engineering/security.html#cb45-8
https://browser.engineering/security.html#cb45-9
https://browser.engineering/security.html#cb46-1
https://browser.engineering/security.html#cb46-2
https://browser.engineering/security.html#cb46-3
https://browser.engineering/security.html#cb46-4
https://browser.engineering/security.html#cb46-5
https://browser.engineering/security.html#cb46-6
https://browser.engineering/security.html#cb47-1
https://browser.engineering/security.html#cb47-2
https://browser.engineering/security.html#cb47-3
https://browser.engineering/security.html#cb47-4
https://browser.engineering/security.html#cb48-1
https://browser.engineering/security.html#cb48-2
https://browser.engineering/security.html#cb48-3
https://browser.engineering/security.html#cb48-4
https://browser.engineering/security.html#cb48-5
https://browser.engineering/security.html#cb49-1
https://browser.engineering/security.html#cb49-2
https://browser.engineering/security.html#cb49-3
https://browser.engineering/security.html#cb49-4
report-to directivehttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to
Content-Security-Policy-Report-Onlyhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
herehttps://browser.engineering/widgets/lab10-browser.html
Closehttps://browser.engineering/security.html
badssl.comhttps://badssl.com
document.cookie JavaScript APIhttps://developer.mozilla.org/en-US/docs/Web/API/Document/cookie
cannot be read or writtenhttps://datatracker.ietf.org/doc/html/rfc6265#section-5.3
opt inhttps://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
spelled that wayhttps://en.wikipedia.org/wiki/HTTP_referer#Etymology
spelled that wayhttps://en.wikipedia.org/wiki/HTTP_referer#Etymology
spelled that wayhttps://en.wikipedia.org/wiki/HTTP_referer#Etymology
Web Browser Engineeringhttps://browser.engineering/index.html
<https://browser.engineering/scripts.html
>https://browser.engineering/visual-effects.html
Pavel Panchekhahttps://pavpanchekha.com
Chris Harrelsonhttps://twitter.com/chrishtr

Viewport: width=device-width,initial-scale=1.0,user-scalable=yes


URLs of crawlers that visited me.