SecureHeaders v3.3.0 Release Notes
-
👍 While not officially part of the spec and not implemented anywhere, support for the experimental
referrer-policy
header was preemptively added.➕ Additionally, two minor enhancements were added this version:
- Warn when the HPKP report host is the same as the current host. By definition any generated reports would be reporting to a known compromised connection. ⚠ 1. Filter unsupported CSP directives when using Edge. Previously, this was causing many warnings in the developer console.