{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T23:15:45Z","timestamp":1763507745359,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":65,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,4,20]],"date-time":"2020-04-20T00:00:00Z","timestamp":1587340800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,4,20]]},"DOI":"10.1145\/3366423.3380207","type":"proceedings-article","created":{"date-parts":[[2020,5,4]],"date-time":"2020-05-04T08:11:44Z","timestamp":1588579904000},"page":"1320-1331","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["AutoNav: Evaluation and Automatization of Web Navigation Policies"],"prefix":"10.1145","author":[{"given":"Benjamin","family":"Eriksson","sequence":"first","affiliation":[{"name":"Chalmers University of Technology"}]},{"given":"Andrei","family":"Sabelfeld","sequence":"additional","affiliation":[{"name":"Chalmers University of Technology"}]}],"member":"320","published-online":{"date-parts":[[2020,4,20]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Feross Aboukhadijeh. 2011. Is Google an Open Redirector?https:\/\/feross.org\/is-google-an-open-redirector\/  Feross Aboukhadijeh. 2011. Is Google an Open Redirector?https:\/\/feross.org\/is-google-an-open-redirector\/"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2010.27"},{"volume-title":"27th {USENIX} Security Symposium ({USENIX} Security 18). 377\u2013392.","author":"Alhuzali Abeer","key":"e_1_3_2_1_3_1","unstructured":"Abeer Alhuzali , Rigel Gjomemo , Birhanu Eshete , and VN Venkatakrishnan . 2018. {NAVEX} : Precise and Scalable Exploit Generation for Dynamic Web Applications . In 27th {USENIX} Security Symposium ({USENIX} Security 18). 377\u2013392. Abeer Alhuzali, Rigel Gjomemo, Birhanu Eshete, and VN Venkatakrishnan. 2018. {NAVEX}: Precise and Scalable Exploit Generation for Dynamic Web Applications. In 27th {USENIX} Security Symposium ({USENIX} Security 18). 377\u2013392."},{"key":"e_1_3_2_1_4_1","unstructured":"Apple Google Mozilla Microsoft. 2019. HTML Living Standard. https:\/\/html.spec.whatwg.org\/multipage\/history.html#the-location-interface  Apple Google Mozilla Microsoft. 2019. HTML Living Standard. https:\/\/html.spec.whatwg.org\/multipage\/history.html#the-location-interface"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455782"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1516046.1516066"},{"volume-title":"25th {USENIX} Security Symposium ({USENIX} Security 16). 481\u2013496.","author":"Bashir Muhammad\u00a0Ahmad","key":"e_1_3_2_1_7_1","unstructured":"Muhammad\u00a0Ahmad Bashir , Sajjad Arshad , William Robertson , and Christo Wilson . 2016. Tracing information flows between ad exchanges using retargeted ads . In 25th {USENIX} Security Symposium ({USENIX} Security 16). 481\u2013496. Muhammad\u00a0Ahmad Bashir, Sajjad Arshad, William Robertson, and Christo Wilson. 2016. Tracing information flows between ad exchanges using retargeted ads. In 25th {USENIX} Security Symposium ({USENIX} Security 16). 481\u2013496."},{"key":"e_1_3_2_1_8_1","unstructured":"BuiltWith Pty Ltd. 2018. PrestaShop Usage Statistics. https:\/\/trends.builtwith.com\/shop\/PrestaShop  BuiltWith Pty Ltd. 2018. PrestaShop Usage Statistics. https:\/\/trends.builtwith.com\/shop\/PrestaShop"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3149408"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14527-8_3"},{"key":"e_1_3_2_1_11_1","unstructured":"Dottoro. 2019. navigate method (window). http:\/\/help.dottoro.com\/ljuhrdju.php  Dottoro. 2019. navigate method (window). http:\/\/help.dottoro.com\/ljuhrdju.php"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516708"},{"key":"e_1_3_2_1_13_1","unstructured":"Ahmed Elsobky. 2016. Novel Techniques for User Deanonymization Attacks. https:\/\/0xsobky.github.io\/novel-deanonymization-techniques\/  Ahmed Elsobky. 2016. Novel Techniques for User Deanonymization Attacks. https:\/\/0xsobky.github.io\/novel-deanonymization-techniques\/"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978313"},{"key":"e_1_3_2_1_15_1","unstructured":"Facebook Inc.2018. Use Facebook Pixel. https:\/\/www.facebook.com\/business\/help\/952192354843755  Facebook Inc.2018. Use Facebook Pixel. https:\/\/www.facebook.com\/business\/help\/952192354843755"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.53"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813688"},{"key":"e_1_3_2_1_18_1","unstructured":"Nicolas Golubovic. 2013. autoCSP - CSP-injecting reverse HTTP proxy. https:\/\/golubovic.net\/thesis\/bachelor.pdf  Nicolas Golubovic. 2013. autoCSP - CSP-injecting reverse HTTP proxy. https:\/\/golubovic.net\/thesis\/bachelor.pdf"},{"key":"e_1_3_2_1_19_1","unstructured":"Google Inc. 2009. Personalized Search for everyone. https:\/\/googleblog.blogspot.com\/2009\/12\/personalized-search-for-everyone.html  Google Inc. 2009. Personalized Search for everyone. https:\/\/googleblog.blogspot.com\/2009\/12\/personalized-search-for-everyone.html"},{"key":"e_1_3_2_1_20_1","unstructured":"G\u00e1bor\u00a0Gy\u00f6rgy Guly\u00e1s Doli\u00e8re\u00a0Francis Som\u00e9 Nataliia Bielova and Claude Castelluccia. 2018. To Extend or not to Extend: on the Uniqueness of Browser Extensions and Web Logins. CoRR abs\/1808.07359(2018). arxiv:1808.07359http:\/\/arxiv.org\/abs\/1808.07359  G\u00e1bor\u00a0Gy\u00f6rgy Guly\u00e1s Doli\u00e8re\u00a0Francis Som\u00e9 Nataliia Bielova and Claude Castelluccia. 2018. To Extend or not to Extend: on the Uniqueness of Browser Extensions and Web Logins. CoRR abs\/1808.07359(2018). arxiv:1808.07359http:\/\/arxiv.org\/abs\/1808.07359"},{"key":"e_1_3_2_1_21_1","unstructured":"Scott Helme. 2018. Optimising Twitter\u2019s CSP header. https:\/\/scotthelme.co.uk\/optimising-twitters-csp-header\/  Scott Helme. 2018. Optimising Twitter\u2019s CSP header. https:\/\/scotthelme.co.uk\/optimising-twitters-csp-header\/"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","unstructured":"J. Hodges C. Jackson and A. Barth. 2012. HTTP Strict Transport Security (HSTS). RFC 6797. RFC Editor. http:\/\/www.rfc-editor.org\/rfc\/rfc6797.txt  J. Hodges C. Jackson and A. Barth. 2012. HTTP Strict Transport Security (HSTS). RFC 6797. RFC Editor. http:\/\/www.rfc-editor.org\/rfc\/rfc6797.txt","DOI":"10.17487\/rfc6797"},{"key":"e_1_3_2_1_23_1","unstructured":"Egor Homakov. 2014. Using Content-Security-Policy for Evil. http:\/\/homakov.blogspot.com\/2014\/01\/using-content-security-policy-for-evil.html  Egor Homakov. 2014. Using Content-Security-Policy for Evil. http:\/\/homakov.blogspot.com\/2014\/01\/using-content-security-policy-for-evil.html"},{"key":"e_1_3_2_1_24_1","unstructured":"DuckDuckGo Inc. 2018. Measuring the \u201dFilter Bubble\u201d: How Google is influencing what you click. https:\/\/spreadprivacy.com\/google-filter-bubble-study\/  DuckDuckGo Inc. 2018. Measuring the \u201dFilter Bubble\u201d: How Google is influencing what you click. https:\/\/spreadprivacy.com\/google-filter-bubble-study\/"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1367497.1367569"},{"key":"e_1_3_2_1_26_1","unstructured":"John Karahalis. 2018. Content Security Policy (CSP). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/CSP  John Karahalis. 2018. Content Security Policy (CSP). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/CSP"},{"key":"e_1_3_2_1_27_1","unstructured":"Kasper Karlsson. 2017. 179426 Reflected XSS on blockchain.info. https:\/\/hackerone.com\/reports\/179426  Kasper Karlsson. 2017. 179426 Reflected XSS on blockchain.info. https:\/\/hackerone.com\/reports\/179426"},{"key":"e_1_3_2_1_28_1","unstructured":"Christoph Kerschbaumer. 2018. 1529068 - Implement CSP \u2019navigate-to\u2019 directive. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1529068  Christoph Kerschbaumer. 2018. 1529068 - Implement CSP \u2019navigate-to\u2019 directive. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1529068"},{"key":"e_1_3_2_1_29_1","unstructured":"April King. 2016. Allow navigation to only whitelisted URLs via navigate-to 125. https:\/\/github.com\/w3c\/webappsec-csp\/issues\/125  April King. 2016. Allow navigation to only whitelisted URLs via navigate-to 125. https:\/\/github.com\/w3c\/webappsec-csp\/issues\/125"},{"key":"e_1_3_2_1_30_1","unstructured":"April King. 2018. april\/laboratory. https:\/\/github.com\/april\/laboratory  April King. 2018. april\/laboratory. https:\/\/github.com\/april\/laboratory"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"D. Kristol and L. Montulli. 2000. HTTP State Management Mechanism. RFC 2965. RFC Editor.  D. Kristol and L. Montulli. 2000. HTTP State Management Mechanism. RFC 2965. RFC Editor.","DOI":"10.17487\/rfc2965"},{"key":"e_1_3_2_1_32_1","unstructured":"Robin Linus. 2017. Your Social Media Fingerprint. https:\/\/robinlinus.github.io\/socialmedia-leak\/  Robin Linus. 2017. Your Social Media Fingerprint. https:\/\/robinlinus.github.io\/socialmedia-leak\/"},{"key":"e_1_3_2_1_33_1","unstructured":"Joe Medley. 2018. Content-Security-Policy-Report-Only. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Content-Security-Policy-Report-Only  Joe Medley. 2018. Content-Security-Policy-Report-Only. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Content-Security-Policy-Report-Only"},{"key":"e_1_3_2_1_34_1","unstructured":"Jason Morrison. 2009. Open redirect URLs: Is your site being abused?https:\/\/webmasters.googleblog.com\/2009\/01\/open-redirect-urls-is-your-site-being.html  Jason Morrison. 2009. Open redirect URLs: Is your site being abused?https:\/\/webmasters.googleblog.com\/2009\/01\/open-redirect-urls-is-your-site-being.html"},{"volume-title":"CSP \u2019navigate-to","author":"Paicu Andy","key":"e_1_3_2_1_35_1","unstructured":"Andy Paicu . 2018. CSP \u2019navigate-to \u2019 directive: Consensus & Standardization . https:\/\/www.chromestatus.com\/feature\/6457580339593216 Andy Paicu. 2018. CSP \u2019navigate-to\u2019 directive: Consensus & Standardization. https:\/\/www.chromestatus.com\/feature\/6457580339593216"},{"key":"e_1_3_2_1_36_1","unstructured":"Andy Paicu. 2018. Implement the \u2019navigation-to\u2019 directive. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=805886  Andy Paicu. 2018. Implement the \u2019navigation-to\u2019 directive. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=805886"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978384"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3308558.3313542"},{"volume-title":"Primer on Client-Side Web Security","author":"Ryck Philippe\u00a0De","key":"e_1_3_2_1_39_1","unstructured":"Philippe\u00a0De Ryck , Lieven Desmet , Frank Piessens , and Martin Johns . 2014. Primer on Client-Side Web Security . Springer . Philippe\u00a0De Ryck, Lieven Desmet, Frank Piessens, and Martin Johns. 2014. Primer on Client-Side Web Security. Springer."},{"key":"e_1_3_2_1_40_1","unstructured":"Google\u00a0Blink Security. 2018. Communication with Google\u2019s Blink security team.  Google\u00a0Blink Security. 2018. Communication with Google\u2019s Blink security team."},{"key":"e_1_3_2_1_41_1","volume-title":"Google Catches Bing Copying","author":"Singel Ryan","year":"2011","unstructured":"Ryan Singel . 2011. Google Catches Bing Copying ; Microsoft Says \u2019So What ?https:\/\/www.wired.com\/ 2011 \/02\/bing-copies-google\/ Ryan Singel. 2011. Google Catches Bing Copying; Microsoft Says \u2019So What?https:\/\/www.wired.com\/2011\/02\/bing-copies-google\/"},{"key":"e_1_3_2_1_42_1","unstructured":"Nick Statt. 2017. Advertisers are furious with Apple for new tracking restrictions in Safari 11. https:\/\/www.theverge.com\/2017\/9\/14\/16308138\/apple-safari-11-advertiser-groups-cookie-tracking-letter  Nick Statt. 2017. Advertisers are furious with Apple for new tracking restrictions in Safari 11. https:\/\/www.theverge.com\/2017\/9\/14\/16308138\/apple-safari-11-advertiser-groups-cookie-tracking-letter"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"crossref","unstructured":"Marius Steffens Christian Rossow Martin Johns and Ben Stock. 2019. Don\u2019t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild.. In NDSS.  Marius Steffens Christian Rossow Martin Johns and Ben Stock. 2019. Don\u2019t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild.. In NDSS.","DOI":"10.14722\/ndss.2019.23009"},{"key":"e_1_3_2_1_44_1","unstructured":"Mark Stockley. 2015. Anatomy of a browser dilemma - how HSTS supercookies make you choose between privacy or security. https:\/\/nakedsecurity.sophos.com\/2015\/02\/02\/anatomy-of-a-browser-dilemma-how-hsts-supercookies-make-you-choose-between-privacy-or-security\/  Mark Stockley. 2015. Anatomy of a browser dilemma - how HSTS supercookies make you choose between privacy or security. https:\/\/nakedsecurity.sophos.com\/2015\/02\/02\/anatomy-of-a-browser-dilemma-how-hsts-supercookies-make-you-choose-between-privacy-or-security\/"},{"key":"e_1_3_2_1_45_1","unstructured":"The OWASP Foundation. 2017. OWASP Top 10 - 2017. https:\/\/www.owasp.org\/images\/7\/72\/OWASP_Top_10-2017_%28en%29.pdf.pdf  The OWASP Foundation. 2017. OWASP Top 10 - 2017. https:\/\/www.owasp.org\/images\/7\/72\/OWASP_Top_10-2017_%28en%29.pdf.pdf"},{"key":"e_1_3_2_1_46_1","unstructured":"The OWASP Foundation. 2017. Unvalidated Redirects and Forwards Cheat Sheet. https:\/\/www.owasp.org\/index.php\/Unvalidated_Redirects_and_Forwards_Cheat_Sheet  The OWASP Foundation. 2017. Unvalidated Redirects and Forwards Cheat Sheet. https:\/\/www.owasp.org\/index.php\/Unvalidated_Redirects_and_Forwards_Cheat_Sheet"},{"key":"e_1_3_2_1_47_1","unstructured":"The OWASP Foundation. 2018. Cross-Site Request Forgery (CSRF). https:\/\/www.owasp.org\/index.php\/Cross-Site_Request_Forgery_(CSRF)  The OWASP Foundation. 2018. Cross-Site Request Forgery (CSRF). https:\/\/www.owasp.org\/index.php\/Cross-Site_Request_Forgery_(CSRF)"},{"key":"e_1_3_2_1_48_1","unstructured":"The OWASP Foundation. 2018. Cross-site Scripting (XSS). https:\/\/www.owasp.org\/index.php\/Cross-site_Scripting_(XSS)#Stored_and_Reflected_XSS_Attacks  The OWASP Foundation. 2018. Cross-site Scripting (XSS). https:\/\/www.owasp.org\/index.php\/Cross-site_Scripting_(XSS)#Stored_and_Reflected_XSS_Attacks"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897899"},{"key":"e_1_3_2_1_50_1","volume-title":"Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018","author":"Acker Steven Van","year":"2018","unstructured":"Steven Van Acker , Daniel Hausknecht , and Andrei Sabelfeld . 2018 . Raising the Bar: Evaluating Origin-wide Security Manifests . In Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018 , San Juan, PR, USA , December 03-07, 2018. 342\u2013354. https:\/\/doi.org\/10.1145\/3274694.3274701 10.1145\/3274694.3274701 Steven Van Acker, Daniel Hausknecht, and Andrei Sabelfeld. 2018. Raising the Bar: Evaluating Origin-wide Security Manifests. In Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, PR, USA, December 03-07, 2018. 342\u2013354. https:\/\/doi.org\/10.1145\/3274694.3274701"},{"key":"e_1_3_2_1_51_1","unstructured":"Anne van Kesteren. 2018. Fetch Standard. https:\/\/fetch.spec.whatwg.org\/concept-request-destination  Anne van Kesteren. 2018. Fetch Standard. https:\/\/fetch.spec.whatwg.org\/concept-request-destination"},{"key":"e_1_3_2_1_52_1","unstructured":"Anne van Kesteren. 2019. Fetch Living Standard. https:\/\/fetch.spec.whatwg.org\/concept-request-destination  Anne van Kesteren. 2019. Fetch Living Standard. https:\/\/fetch.spec.whatwg.org\/concept-request-destination"},{"key":"e_1_3_2_1_53_1","unstructured":"Mehdi Vasigh. 2018. Window.open(). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/Window\/open  Mehdi Vasigh. 2018. Window.open(). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/Window\/open"},{"key":"e_1_3_2_1_54_1","volume-title":"Data Broker\u2019s Advertising Interface. In 2018 IEEE Symposium on Security and Privacy (SP). 89\u2013107","author":"Venkatadri G.","year":"2018","unstructured":"G. Venkatadri , A. Andreou , Y. Liu , A. Mislove , K.\u00a0 P. Gummadi , P. Loiseau , and O. Goga . 2018. Privacy Risks with Facebook\u2019s PII-Based Targeting: Auditing a Data Broker\u2019s Advertising Interface. In 2018 IEEE Symposium on Security and Privacy (SP). 89\u2013107 . https:\/\/doi.org\/10.1109\/SP. 2018 .00014 10.1109\/SP.2018.00014 G. Venkatadri, A. Andreou, Y. Liu, A. Mislove, K.\u00a0P. Gummadi, P. Loiseau, and O. Goga. 2018. Privacy Risks with Facebook\u2019s PII-Based Targeting: Auditing a Data Broker\u2019s Advertising Interface. In 2018 IEEE Symposium on Security and Privacy (SP). 89\u2013107. https:\/\/doi.org\/10.1109\/SP.2018.00014"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00030"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978363"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11379-1_11"},{"key":"e_1_3_2_1_58_1","unstructured":"Mike West. 2016. Allow navigation to only whitelisted URLs via navigate-to 125. https:\/\/github.com\/w3c\/webappsec-csp\/issues\/125#issuecomment-251975791  Mike West. 2016. Allow navigation to only whitelisted URLs via navigate-to 125. https:\/\/github.com\/w3c\/webappsec-csp\/issues\/125#issuecomment-251975791"},{"key":"e_1_3_2_1_59_1","unstructured":"Mike West. 2017. Origin Policy. https:\/\/wicg.github.io\/origin-policy\/  Mike West. 2017. Origin Policy. https:\/\/wicg.github.io\/origin-policy\/"},{"key":"e_1_3_2_1_60_1","unstructured":"Mike West. 2017. Origin Policy. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=751996  Mike West. 2017. Origin Policy. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=751996"},{"key":"e_1_3_2_1_61_1","unstructured":"Mike West. 2018. Content Security Policy Level 3. https:\/\/www.w3.org\/TR\/CSP3\/  Mike West. 2018. Content Security Policy Level 3. https:\/\/www.w3.org\/TR\/CSP3\/"},{"key":"e_1_3_2_1_62_1","unstructured":"Mike West. 2019. Incrementally Better Cookies. https:\/\/tools.ietf.org\/html\/draft-west-cookie-incrementalism-00  Mike West. 2019. Incrementally Better Cookies. https:\/\/tools.ietf.org\/html\/draft-west-cookie-incrementalism-00"},{"key":"e_1_3_2_1_63_1","unstructured":"Mike West Adam Barth and Dan Veditz. 2016. Content Security Policy Level 2. https:\/\/www.w3.org\/TR\/CSP2\/  Mike West Adam Barth and Dan Veditz. 2016. Content Security Policy Level 2. https:\/\/www.w3.org\/TR\/CSP2\/"},{"key":"e_1_3_2_1_64_1","unstructured":"Yan (bcrypt). 2015. @bcrypt - Advanced Browser Fingerprinting - Toorcon 2015. https:\/\/www.infosecurity.us\/blog\/2015\/11\/8\/toorcon-2015-advanced-browser-fingerprinting  Yan (bcrypt). 2015. @bcrypt - Advanced Browser Fingerprinting - Toorcon 2015. https:\/\/www.infosecurity.us\/blog\/2015\/11\/8\/toorcon-2015-advanced-browser-fingerprinting"},{"key":"e_1_3_2_1_65_1","unstructured":"Michal Zalewski. 2011. Postcards from the post-XSS world. http:\/\/lcamtuf.coredump.cx\/postxss\/  Michal Zalewski. 2011. Postcards from the post-XSS world. http:\/\/lcamtuf.coredump.cx\/postxss\/"}],"event":{"name":"WWW '20: The Web Conference 2020","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"],"location":"Taipei Taiwan","acronym":"WWW '20"},"container-title":["Proceedings of The Web Conference 2020"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3366423.3380207","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3366423.3380207","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:33:01Z","timestamp":1750199581000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3366423.3380207"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,4,20]]},"references-count":65,"alternative-id":["10.1145\/3366423.3380207","10.1145\/3366423"],"URL":"https:\/\/doi.org\/10.1145\/3366423.3380207","relation":{},"subject":[],"published":{"date-parts":[[2020,4,20]]},"assertion":[{"value":"2020-04-20","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}