Created
October 29, 2013 23:17
-
-
Save dethe/7224448 to your computer and use it in GitHub Desktop.
Rough heuristic for determining whether a site was loaded by the user (first party vs. third party)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Heuristic for determining first party-ness | |
1. Does the request have a referrer? | |
2. Ignore requests that cannot be associated with a window (tab) | |
3. Is this request part of resolving the page (not Ajax)? | |
4. Are we able to resolve a host domain for referrer and tab URIs? | |
5. Are they the same? | |
6. Are they *not* 'about:blank'? | |
7. Ignore requests that come from within the add-on | |
8. Ignore requests that don't have a valid target or source | |
9. Ignore requests coming from localhost | |
10. Ignore requests that are neither http or https protocols (we want to extend this to include websockets and WebRTC connections). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment