Feature-Policy security header for the whonix.org website

nurmagoz · May 2, 2021, 3:51pm

Feature-Policy is deprecated and replaced with Permissions Policy:

Patrick · May 2, 2021, 4:14pm

Similar to Whonix website security rating - "B" (Mozilla Observatory) - Content Security Policy (CSP) - #21 by Patrick.

Browsers don’t support permission policy yet and there’s no documentation (that I understand with reasonable time spent) on how to use it.

Quote Permissions-Policy - HTTP | MDN

Feature-Policy

Experimental

This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

Warning

The header has now been renamed to Permissions-Policy in the spec, and this article will eventually be updated to reflect that change.

Once that changes, I will look into it. Waiting for major browser supporting and documenting that such as Mozilla MDN.

Patrick · August 1, 2021, 4:19pm

Similar to COEP COOP CORP CORS CORB security headers for whonix.org.

nurmagoz · August 2, 2021, 1:47am

looks working good on main website and forums.

Patrick via Whonix Forum:

nurmagoz · June 27, 2022, 10:33pm

Its better for the community privacy to de-list whonix from floc tracking list.

Patrick · June 27, 2022, 11:44pm

Was already enabled.

interest-cohort=()

is visible on

nurmagoz · June 28, 2022, 9:43am

Nice!, didnt notice it just now.