Questions tagged [web-browser]
A web browser is an application which uses HTTP and related protocols to retrieve HTML and XML data from servers. As the web has become a critical source of information and communication, web browsers have become a critical component in information request, transfer and management.
1,687 questions
0 votes, 0 answers, 12 views
LinkedIn website automatically gets my email address in Edge without consent, can all websites I browse silently get my email? [closed]
I'm using the Edge 135 browser on Windows 10. I am currently logged in to my Gmail account, but not logged in to LinkedIn.
When browsing to https://www.linkedin.com (I never logged in on this website since I ...
0 votes, 0 answers, 27 views
Server invisible cookies using service workers [migrated]
Service Workers allow intercepting requests, which means we can create virtual pages that only exist in the browser and never reach servers.
If we create such a virtual page (say /cooks), and set a ...
12 votes, 4 answers, 6k views
Why are browser HTTP auth schemes stuck in 1999?
Chromium supports Basic, Digest, NTLM, and Negotiate HTTP authentication schemes. Of those, the newest is Negotiate, which was present no later than 1999, because IE5 supported it (!!!). I can't find ...
2 votes, 2 answers, 573 views
End-to-End Encrypted Proxy Using Password Protected Certificate
I have a thought experiment for the community, curious what everyone's take on it is, specifically what are the major flaws in the idea and how could those be addressed without significantly diverging ...
16 votes, 4 answers, 6k views
How does an "enterprise browser" work?
There are some new security companies selling what they call "enterprise browsers". For instance, Island (https://www.island.io/blog/what-is-an-enterprise-browser) is one of them. Both ...
8 votes, 3 answers, 2k views
Is the Origin header trustworthy for requests sent by the browser?
In another question, I implied that an application can check the Origin request header to determine where the request is from. I was under the assumption that the browser sets this to the origin of ...
2 votes, 0 answers, 239 views
Why does Cross-Origin-Opener-Policy prevent opening links to the same-origin/domain when target="_blank" is used?
Let's say you serve a website with the header Cross-Origin-Opener-Policy: same-origin. This is a new header that, if I understood it correctly, completely separates a browsing tab/origin to prevent ...
1 vote, 2 answers, 119 views
What is the best way for a non-expert to visit a probably malicious web site? [duplicate]
What is the best way for someone who is not a professional security expert to visit a web site that is suspected, with high confidence, to be malicious but has a high value if not?
This question was ...
3 votes, 1 answer, 326 views
Can you help me understand JShelter's browser fingerprint protection?
I've been testing my browsers against these sites:
https://www.thumbmarkjs.com/
https://fingerprint.com/
With JShelter in recommended mode I get same hash on ThumbMarkJS site on every page load but ...
1 vote, 0 answers, 91 views
Is there a way to limit browser extension internet access?
Most browser extensions I use are utility-like tools that do something in the DOM, like copying HTML tables to Markdown tables, accepting cookie warnings, removing ads, regex find and replace, et cetera.
...
1 vote, 0 answers, 55 views
How to allow or denylist specific browser extensions in popular browsers? [closed]
After the recent news of multiple compromised popular browser extensions.
Is it possible for organizations to set up browser extension allow and denylists for common browsers such as Edge, Chromium-...
3 votes, 3 answers, 2k views
Of the cookies created by OTHER websites, which ones would the browser allow a website to access?
I know that sites can share some information between each other by sharing cookies amongst themselves. They have to be in some kind of agreement with each other I assume? Or can any random site read ...
1 vote, 1 answer, 322 views
Are cookies stored with encryption and how do browsers protect them?
I was using yt-dlp to download YouTube videos. It has an option to obtain cookies directly from the browser, probably all of them.
Do the browsers store the cookies with any encryption?
If so, how ...
3 votes, 1 answer, 659 views
Browser-side caching of encrypted sensitive information in sessionStorage?
We are currently implementing envelope encryption to securely encrypt sensitive data (name, emails, phone numbers, photo, previous employers etc.) about our users. However, we are now thinking about to ...
4 votes, 1 answer, 435 views
Image loaded despite Cross-Origin-Embedder-Policy: require-corp
I have a web page with a Cross-Origin-Embedder-Policy: require-corp header. When I include a cross-origin image without CORP or CORS headers in the response, I expect the image to be blocked, because ...