Getting access to a website’s window object is a common prerequisite for different XS-Leak techniques. Framing Protections can ensure that an attacker cannot use iframes to access the window object, but this does not stop an attacker from accessing the window object from an opened window through window.open(url) or window.opener references. Exploiting XS-Leaks with window.open is generally seen as the least appealing option for an attacker because the user can see it happen in the open brow...| Introduction on XS-Leaks Wiki
A considerable number of XS-Leaks rely on some of the properties of iframes. If an attacker is unable to embed the contents of a page as an iframe, frame, embed or object, then the attack may no longer be possible. To mitigate XS-Leaks which rely on these objects, pages can forbid or select which origins can embed them. Doing so is possible by using the X-Frame-Options header or the CSP frame-ancestors directive.| Introduction on XS-Leaks Wiki
In order to defend against cache probing attacks, browser developers are actively working on implementing a partitioned HTTP cache functionality that would in essence ensure each website has a distinct cache. Since cache probing relies on the fact that a browser’s HTTP cache is shared across every website, a partitioned HTTP cache can defend against many cache probing techniques. This is done by using tuples (either (top-frame-site, resource-url) like firefox 1 or (top-frame-site, framing-s...| Introduction on XS-Leaks Wiki
SameSite cookies are one of the most impactful modern security mechanisms for fixing security issues that involve cross-site requests. This mechanism allows applications to force browsers to only include cookies in requests that are issued same-site 1. This type of cookie has three modes: None, Lax, and Strict. SameSite Cookie Modes # The following SameSite cookie modes are available: None – Disables all protections and restores the old behavior of cookies. This mode is not recommended.| Introduction on XS-Leaks Wiki
Section 9.1.1 in RFC7540 explains how HTTP/2 clients can reuse connections. This is my lengthy way of explaining how this works in reality. Many connections in HTTP/1 With HTTP/1.1, browsers are typically using 6 connections per origin (host name + port). They do this to overcome the problems in HTTP/1 and how it uses TCP … Continue reading HTTP/2 connection coalescing →| daniel.haxx.se