{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T06:56:08Z","timestamp":1769928968643,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":76,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-sa\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484739","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:34Z","timestamp":1636805134000},"page":"1771-1788","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers"],"prefix":"10.1145","author":[{"given":"Lukas","family":"Knittel","sequence":"first","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}]},{"given":"Christian","family":"Mainka","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}]},{"given":"Marcus","family":"Niemietz","sequence":"additional","affiliation":[{"name":"Niederrhein University of Applied Sciences, Krefeld, Germany"}]},{"given":"Dominik Trevor","family":"No\u00df","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}]},{"given":"J\u00f6rg","family":"Schwenk","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Princeton University","author":"Acar Gunes","year":"2018","unstructured":"Gunes Acar and Frank Li of UC Berkeley Danny Y. Huang, Princeton University. 2018. MediaError message property leaks cross-origin response status. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=828265. (April 2018)."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3229565.3229568"},{"key":"e_1_3_2_1_3_1","unstructured":"Devdatta Akhawe Frederik Braun Francois Marier and Joel Weinberger. 2016. Subresource Integrity. W3C Recommendation. W3C. https:\/\/www.w3.org\/TR\/2016\/REC-SRI-20160623\/."},{"key":"e_1_3_2_1_4_1","volume-title":"Safari Privacy Overview. https:\/\/www.apple.com\/safari\/docs\/Safari_White_Paper_Nov_2019.pdf. (November","year":"2019","unstructured":"Apple. 2019. Safari Privacy Overview. https:\/\/www.apple.com\/safari\/docs\/Safari_White_Paper_Nov_2019.pdf. (November 2019)."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"crossref","unstructured":"A. Barth. 2011. The Web Origin Concept. RFC 6454. IETF. http:\/\/tools.ietf.org\/rfc\/rfc6454.txt","DOI":"10.17487\/rfc6454"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242656"},{"key":"e_1_3_2_1_7_1","volume-title":"X-frame-options: All about clickjacking.","author":"Braun Frederik","year":"2013","unstructured":"Frederik Braun and Mario Heiderich. 2013. X-frame-options: All about clickjacking. (2013). https:\/\/cure53.de\/xfo-clickjacking.pdf"},{"key":"e_1_3_2_1_8_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Calzavara Stefano","year":"2020","unstructured":"Stefano Calzavara, Sebastian Roth, Alvise Rabitti, Michael Backes, and Ben Stock. 2020. A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 683--697. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/calzavara"},{"key":"e_1_3_2_1_9_1","unstructured":"Chris Evans. 2009. Cross-domain search timing. (2009). https:\/\/scarybeastsecurity.blogspot.com\/2009\/12\/cross-domain-search-timing.html"},{"key":"e_1_3_2_1_10_1","volume-title":"https:\/\/www.chromestatus.com\/feature\/5021976655560704. (June","author":"Status Chrome Platform","year":"2020","unstructured":"Chrome Platform Status. 2020. XSS Auditor (removed). https:\/\/www.chromestatus.com\/feature\/5021976655560704. (June 2020)."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1983.1056650"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380207"},{"key":"e_1_3_2_1_13_1","volume-title":"Cross-domain leaks of site logins. https:\/\/scarybeastsecurity.blogspot.com\/2008\/08\/cross-domain-leaks-of-sitelogins.html. (August","author":"Evans Chris","year":"2008","unstructured":"Chris Evans. 2008. Cross-domain leaks of site logins. https:\/\/scarybeastsecurity.blogspot.com\/2008\/08\/cross-domain-leaks-of-sitelogins.html. (August 2008)."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Daniel Fett Ralf Kuesters and Guido Schmitz. 2014. An Expressive Model for the Web Infrastructure: Definition and Application to the BrowserID SSO System. (2014). arXiv:cs.CR\/1403.1866","DOI":"10.1109\/SP.2014.49"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","unstructured":"I. Fette and A. Melnikov. 2011. The WebSocket Protocol. RFC 6455. IETF. http:\/\/tools.ietf.org\/rfc\/rfc6455.txt","DOI":"10.17487\/rfc6455"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813688"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/11555827_28"},{"key":"e_1_3_2_1_18_1","unstructured":"Jeremiah Grossman. 2012. I Know What Websites You Are Logged-In To (Login-Detection via CSRF). http:\/\/blog.whitehatsec.com\/i-know-what-websites-you-are-logged-in-to-login-detection-via-csrf\/. (October 2012)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897901"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3267323.3268959"},{"key":"e_1_3_2_1_21_1","volume-title":"https:\/\/github.com\/cure53\/HTTPLeaks. (June","author":"Heiderich Mario","year":"2020","unstructured":"Mario Heiderich. 2020. HTTPLeaks. https:\/\/github.com\/cure53\/HTTPLeaks. (June 2020)."},{"key":"e_1_3_2_1_22_1","unstructured":"Mario Heiderich Alex Inf\u00fchr Fabian F\u00e4\u00dfler Nikolei Krein Masato Kinugawa Tsang-Chi Hong Dario Wei\u00dfler and Paula Pustulka. 2017. Cure53's Browser Security White Paper. (2017). https:\/\/raw.githubusercontent.com\/cure53\/browsersec-whitepaper\/master\/browser-security-whitepaper.pdf"},{"key":"e_1_3_2_1_23_1","volume-title":"XS-Leaks in redirect flows. https:\/\/docs.google.com\/presentation\/d\/1rlnxXUYHY9CHgCMckZsCGH4VopLo4DYMvAcOltma0og. (January","author":"Herrera Luan","year":"2020","unstructured":"Luan Herrera. 2020. XS-Leaks in redirect flows. https:\/\/docs.google.com\/presentation\/d\/1rlnxXUYHY9CHgCMckZsCGH4VopLo4DYMvAcOltma0og. (January 2020)."},{"key":"e_1_3_2_1_24_1","volume-title":"Abusing Chrome's XSS auditor to steal tokens. https:\/\/portswigger.net\/research\/abusing-chromes-xss-auditor-to-steal-tokens. (August","author":"Heyes Gareth","year":"2015","unstructured":"Gareth Heyes. 2015. Abusing Chrome's XSS auditor to steal tokens. https:\/\/portswigger.net\/research\/abusing-chromes-xss-auditor-to-steal-tokens. (August 2015)."},{"key":"e_1_3_2_1_25_1","volume-title":"XS-Leak: Leaking IDs using focus. https:\/\/portswigger.net\/research\/xs-leak-leaking-ids-using-focus. (October","author":"Heyes Gareth","year":"2019","unstructured":"Gareth Heyes. 2019. XS-Leak: Leaking IDs using focus. https:\/\/portswigger.net\/research\/xs-leak-leaking-ids-using-focus. (October 2019)."},{"key":"e_1_3_2_1_26_1","volume-title":"Blocking mode uBlock Wiki. https:\/\/github.com\/gorhill\/uBlock\/wiki\/Blocking-mode. (October","author":"Hill Raymond","year":"2020","unstructured":"Raymond Hill. 2020. Blocking mode uBlock Wiki. https:\/\/github.com\/gorhill\/uBlock\/wiki\/Blocking-mode. (October 2020)."},{"key":"e_1_3_2_1_27_1","volume-title":"Disclose domain of redirect destination taking adventadge of CSP. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=313737. (October","author":"Homakov Egor","year":"2013","unstructured":"Egor Homakov. 2013. Disclose domain of redirect destination taking adventadge of CSP. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=313737. (October 2013)."},{"key":"e_1_3_2_1_28_1","unstructured":"Ian Jacobs Zach Koch Domenic Denicola Roy McElmurry Rouslan Solomakhin and Marcos Caceres. 2019. Payment Request API. Candidate Recommendation. W3C. https:\/\/www.w3.org\/TR\/2019\/CR-payment-request-20191212\/#showmethod."},{"key":"e_1_3_2_1_29_1","unstructured":"Arvind Jain Zhiheng Wang Anderson Quach Jatinder Mann and Todd Reifsteck. 2017. Resource Timing Level 1. Candidate Recommendation. W3C. https:\/\/www.w3.org\/TR\/2017\/CR-resource-timing-1--20170330\/#resourcesincluded."},{"key":"e_1_3_2_1_30_1","volume-title":"Information Leaks via Safari's Intelligent Tracking Prevention. https:\/\/arxiv.org\/abs\/2001.07421. (January","author":"Janc Artur","year":"2020","unstructured":"Artur Janc, Krzysztof Kotowicz, Lukas Weichselbaum, and Roberto Clapis. 2020. Information Leaks via Safari's Intelligent Tracking Prevention. https:\/\/arxiv.org\/abs\/2001.07421. (January 2020)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW51379.2020.00096"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.23104"},{"key":"e_1_3_2_1_33_1","volume-title":"Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting. In 27th Annual Network and Distributed System Security Symposium, NDSS 2020","author":"Karami Soroush","year":"2020","unstructured":"Soroush Karami, Panagiotis Ilia, Konstantinos Solomos, and Jason Polakis. 2020. Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting. In 27th Annual Network and Distributed System Security Symposium, NDSS 2020, San Diego, California, USA, February 23--26, 2020. The Internet Society."},{"key":"e_1_3_2_1_34_1","volume-title":"Gaining security and privacy by partitioning the cache. https:\/\/developers.google.com\/web\/updates\/2020\/10\/http-cache-partitioning. (October","author":"Kitamura Eiji","year":"2020","unstructured":"Eiji Kitamura. 2020. Gaining security and privacy by partitioning the cache. https:\/\/developers.google.com\/web\/updates\/2020\/10\/http-cache-partitioning. (October 2020)."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00002"},{"key":"e_1_3_2_1_36_1","volume-title":"Identifying Cross-origin Resource Status Using Application Cache. In 22nd Network and Distributed System Security Symposium (NDSS","author":"Lee Sangho","year":"2015","unstructured":"Sangho Lee, Hyungsub Kim, and Jong Kim. 2015. Identifying Cross-origin Resource Status Using Application Cache. In 22nd Network and Distributed System Security Symposium (NDSS 2015). https:\/\/www.microsoft.com\/en-us\/research\/publication\/identifying-cross-origin-resource-status-using-application-cache\/"},{"key":"e_1_3_2_1_37_1","volume-title":"The Unexpected Dangers of Dynamic JavaScript. In 24th USENIX Security Symposium (USENIX Security 15)","author":"Lekies Sebastian","year":"2015","unstructured":"Sebastian Lekies, Ben Stock, Martin Wentzel, and Martin Johns. 2015. The Unexpected Dangers of Dynamic JavaScript. In 24th USENIX Security Symposium (USENIX Security 15). 723--735. https:\/\/publications.cispa.saarland\/987\/pub_id:1055 Bibtex: lekies2015unexpected URL date: None."},{"key":"e_1_3_2_1_38_1","volume-title":"Browser Side Channels. https:\/\/github.com\/xsleaks\/xsleaks\/wiki\/Browser-Side-Channels. (September","author":"Masas Ron","year":"2019","unstructured":"Ron Masas. 2019. Browser Side Channels. https:\/\/github.com\/xsleaks\/xsleaks\/wiki\/Browser-Side-Channels. (September 2019)."},{"key":"e_1_3_2_1_39_1","volume-title":"Server Side Redirect Detection. https:\/\/xsleaks.github.io\/xsleaks\/examples\/redirect\/. (September","author":"Masas Ron","year":"2019","unstructured":"Ron Masas. 2019. Server Side Redirect Detection. https:\/\/xsleaks.github.io\/xsleaks\/examples\/redirect\/. (September 2019)."},{"key":"e_1_3_2_1_40_1","volume-title":"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/Fetch_API. (June","author":"MDN","year":"2020","unstructured":"MDN web docs. 2020. Fetch API. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/Fetch_API. (June 2020)."},{"key":"e_1_3_2_1_41_1","volume-title":"Cached and Confused: Web Cache Deception in the Wild. (12","author":"Mirheidari Seyed","year":"2019","unstructured":"Seyed Mirheidari, Sajjad Arshad, Kaan Onarlioglu, Bruno Crispo, Engin Kirda, and William Robertson. 2019. Cached and Confused: Web Cache Deception in the Wild. (12 2019)."},{"key":"e_1_3_2_1_42_1","volume-title":"Retrofitting Fine Grain Isolation in the Firefox Renderer. In 29th USENIX Security Symposium (USENIX Security 20)","author":"Narayan Shravan","year":"2020","unstructured":"Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Nathan Froyd, Eric Rahm, Sorin Lerner, Hovav Shacham, and Deian Stefan. 2020. Retrofitting Fine Grain Isolation in the Firefox Renderer. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 699--716. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/narayan"},{"key":"e_1_3_2_1_43_1","volume-title":"Out of the Dark: UI Redressing and Trustworthy Events","author":"Niemietz Marcus","unstructured":"Marcus Niemietz and J\u00f6rg Schwenk. 2018. Out of the Dark: UI Redressing and Trustworthy Events. In Cryptology and Network Security, Srdjan Capkun and Sherman S. M. Chow (Eds.). Springer International Publishing, Cham, 229--249."},{"key":"e_1_3_2_1_44_1","volume-title":"5th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs","author":"Olejnik Lukasz","year":"2012","unstructured":"Lukasz Olejnik, Claude Castelluccia, and Artur Janc. 2012. Why johnny can't browse in peace: On the uniqueness of web browsing history patterns. In 5th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs 2012)."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","unstructured":"S. Roth Timothy Barron S. Calzavara Nick Nikiforakis and Ben Stock. 2020. Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies. In NDSS.","DOI":"10.14722\/ndss.2020.23046"},{"key":"e_1_3_2_1_46_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Schwenk J\u00f6rg","year":"2017","unstructured":"J\u00f6rg Schwenk, Marcus Niemietz, and Christian Mainka. 2017. Same-origin policy: Evaluation in modern browsers. In 26th USENIX Security Symposium (USENIX Security 17). 713--727."},{"key":"e_1_3_2_1_47_1","volume-title":"12th USENIX Workshop on Offensive Technologies (WOOT 18)","author":"Smith Michael","year":"2018","unstructured":"Michael Smith, Craig Disselkoen, Shravan Narayan, Fraser Brown, and Deian Stefan. 2018. Browser history re: visited. In 12th USENIX Workshop on Offensive Technologies (WOOT 18)."},{"key":"e_1_3_2_1_48_1","unstructured":"Jungkee Song Alex Russell Marijn Kruisselbrink and Jake Archibald. 2019. Service Workers 1. Candidate Recommendation. W3C. https:\/\/www.w3.org\/TR\/2019\/CR-service-workers-1--20191119\/."},{"key":"e_1_3_2_1_49_1","unstructured":"Web Platform Tests \/ Open Source. 2021. Web Platform Tests Github Page. (2021). https:\/\/github.com\/web-platform-tests\/wpt"},{"key":"e_1_3_2_1_50_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Staicu Cristian-Alexandru","year":"2019","unstructured":"Cristian-Alexandru Staicu and Michael Pradel. 2019. Leaky images: targeted privacy attacks in the web. In 28th USENIX Security Symposium (USENIX Security 19). 923--939."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24278"},{"key":"e_1_3_2_1_52_1","volume-title":"Security: XSS filter information leak. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=396544. (July","author":"Terada Takeshi","year":"2014","unstructured":"Takeshi Terada. 2014. Security: XSS filter information leak. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=396544. (July 2014)."},{"key":"e_1_3_2_1_53_1","volume-title":"Mass XS-Search using Cache Attack. https:\/\/medium.com\/@terjanq\/massive-xs-search-over-multiple-google-products-416e50dd2ec6. (November","year":"2019","unstructured":"Terjanq. 2019. Mass XS-Search using Cache Attack. https:\/\/medium.com\/@terjanq\/massive-xs-search-over-multiple-google-products-416e50dd2ec6. (November 2019)."},{"key":"e_1_3_2_1_54_1","volume-title":"Protected tweets exposure through the URL. https:\/\/hackerone.com\/reports\/491473. (April","year":"2019","unstructured":"terjanq. 2019. Protected tweets exposure through the URL. https:\/\/hackerone.com\/reports\/491473. (April 2019)."},{"key":"e_1_3_2_1_55_1","volume-title":"Twitter: Detect X-Frame-Options header in Chrome. https:\/\/twitter.com\/terjanq\/status\/1111600071014080517. (March","year":"2019","unstructured":"terjanq. 2019. Twitter: Detect X-Frame-Options header in Chrome. https:\/\/twitter.com\/terjanq\/status\/1111600071014080517. (March 2019)."},{"key":"e_1_3_2_1_56_1","volume-title":"Issue 1157818: performance API reveals information about redirects (XS-Leak). https:\/\/crbug.com\/1157818. (December","year":"2020","unstructured":"terjanq. 2020. Issue 1157818: performance API reveals information about redirects (XS-Leak). https:\/\/crbug.com\/1157818. (December 2020)."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813632"},{"key":"e_1_3_2_1_58_1","volume-title":"29th {USENIX} Security Symposium (USENIX Security 20). 1985--2002.","author":"Goethem Tom Van","unstructured":"Tom Van Goethem, Christina P\u00f6pper, Wouter Joosen, and Mathy Vanhoef. 2020. Timeless timing attacks: Exploiting concurrency to leak secrets over remote connections. In 29th {USENIX} Security Symposium (USENIX Security 20). 1985--2002."},{"key":"e_1_3_2_1_59_1","unstructured":"Eduardo Vela. 2019. HTTP Cache Cross-Site Leaks. http:\/\/sirdarckcat.blogspot.com\/2019\/03\/http-cache-cross-site-leaks.html. (March 2019)."},{"key":"e_1_3_2_1_60_1","unstructured":"Markus Vervier Michele Orr\u00f9 Berend-Jan Wever and Eric Sesterhenn. 2017. Cure53's Browser Security White Paper. (2017). https:\/\/browser-security.x41-dsec.de\/X41-Browser-Security-White-Paper.pdf"},{"key":"e_1_3_2_1_61_1","volume-title":"CSP: frame-ancestors. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Content-Security-Policy\/frame-ancestors. (November","author":"Nweb","year":"2019","unstructured":"MDNweb docs. 2019. CSP: frame-ancestors. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Content-Security-Policy\/frame-ancestors. (November 2019)."},{"key":"e_1_3_2_1_62_1","volume-title":"Web APIs: History. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/History. (February","author":"MDN","year":"2020","unstructured":"MDN web docs. 2020. Web APIs: History. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/History. (February 2020)."},{"key":"e_1_3_2_1_63_1","volume-title":"Cross-origin leakage with security policy violation events and paths in source expressions. https:\/\/lists.w3.org\/Archives\/Public\/publicwebappsec\/2013May\/0022.html. (May","author":"West Mike","year":"2013","unstructured":"Mike West. 2013. Cross-origin leakage with security policy violation events and paths in source expressions. https:\/\/lists.w3.org\/Archives\/Public\/publicwebappsec\/2013May\/0022.html. (May 2013)."},{"key":"e_1_3_2_1_64_1","unstructured":"Mike West. 2018. Content Security Policy Level 3. W3C Working Draft. W3C. https:\/\/www.w3.org\/TR\/2018\/WD-CSP3--20181015\/."},{"key":"e_1_3_2_1_65_1","volume-title":"Fetch Metadata Request Headers. https:\/\/w3c.github.io\/webappsec-fetch-metadata\/. (April","author":"West Mike","year":"2020","unstructured":"Mike West. 2020. Fetch Metadata Request Headers. https:\/\/w3c.github.io\/webappsec-fetch-metadata\/. (April 2020)."},{"key":"e_1_3_2_1_66_1","volume-title":"Fetch - Living Standard: Cross-Origin-Resource-Policy header. https:\/\/fetch.spec.whatwg.org\/#cross-origin-resource-policy-header. (August","author":"Web Hypertext Application Technology Working Group (WHATWG). 2020.","year":"2020","unstructured":"Web Hypertext Application Technology Working Group (WHATWG). 2020. Fetch - Living Standard: Cross-Origin-Resource-Policy header. https:\/\/fetch.spec.whatwg.org\/#cross-origin-resource-policy-header. (August 2020)."},{"key":"e_1_3_2_1_67_1","volume-title":"Fetch - Living Standard: HTTP-redirect fetch. https:\/\/fetch.spec.whatwg.org\/#httpredirect-fetch. (August","author":"Web Hypertext Application TechnologyWorking Group (WHATWG). 2020.","year":"2020","unstructured":"Web Hypertext Application TechnologyWorking Group (WHATWG). 2020. Fetch - Living Standard: HTTP-redirect fetch. https:\/\/fetch.spec.whatwg.org\/#httpredirect-fetch. (August 2020)."},{"key":"e_1_3_2_1_68_1","volume-title":"Fetch - Living Standard: Requests. https:\/\/fetch.spec.whatwg.org\/#requests. (August","author":"Web Hypertext Application TechnologyWorking Group (WHATWG). 2020.","year":"2020","unstructured":"Web Hypertext Application TechnologyWorking Group (WHATWG). 2020. Fetch - Living Standard: Requests. https:\/\/fetch.spec.whatwg.org\/#requests. (August 2020)."},{"key":"e_1_3_2_1_69_1","volume-title":"HTML - Living Standard: contentDocument. https:\/\/html.spec.whatwg.org\/multipage\/iframe-embed-object.html#dom-iframe-contentdocument. (August","author":"Web Hypertext Application Technology Working Group (WHATWG). 2020.","year":"2020","unstructured":"Web Hypertext Application Technology Working Group (WHATWG). 2020. HTML - Living Standard: contentDocument. https:\/\/html.spec.whatwg.org\/multipage\/iframe-embed-object.html#dom-iframe-contentdocument. (August 2020)."},{"key":"e_1_3_2_1_70_1","volume-title":"HTML - Living Standard: Navigating to a fragment. https:\/\/html.spec.whatwg.org\/multipage\/browsing-the-web.html#scroll-to-fragid. (August","author":"Web Hypertext Application Technology Working Group (WHATWG). 2020.","year":"2020","unstructured":"Web Hypertext Application Technology Working Group (WHATWG). 2020. HTML - Living Standard: Navigating to a fragment. https:\/\/html.spec.whatwg.org\/multipage\/browsing-the-web.html#scroll-to-fragid. (August 2020)."},{"key":"e_1_3_2_1_71_1","volume-title":"https:\/\/xsleaks.com\/docs\/attacks\/browserfeatures\/corb\/. (October","author":"Wiki Leaks","year":"2020","unstructured":"XS-Leaks Wiki. 2020. CORB Leaks. https:\/\/xsleaks.com\/docs\/attacks\/browserfeatures\/corb\/. (October 2020)."},{"key":"e_1_3_2_1_72_1","volume-title":"https:\/\/xsleaks.com\/docs\/attacks\/browserfeatures\/corp\/. (October","author":"Wiki Leaks","year":"2020","unstructured":"XS-Leaks Wiki. 2020. CORP Leaks. https:\/\/xsleaks.com\/docs\/attacks\/browserfeatures\/corp\/. (October 2020)."},{"key":"e_1_3_2_1_73_1","volume-title":"Preventing Tracking Prevention Tracking. https:\/\/webkit.org\/blog\/9661\/preventing-tracking-prevention-tracking\/. (December","author":"Wilander John","year":"2019","unstructured":"John Wilander. 2019. Preventing Tracking Prevention Tracking. https:\/\/webkit.org\/blog\/9661\/preventing-tracking-prevention-tracking\/. (December 2019)."},{"key":"e_1_3_2_1_74_1","volume-title":"Full Third-Party Cookie Blocking and More. https:\/\/webkit.org\/blog\/10218\/full-third-party-cookie-blocking-and-more\/. (March","author":"Wilander John","year":"2020","unstructured":"John Wilander. 2020. Full Third-Party Cookie Blocking and More. https:\/\/webkit.org\/blog\/10218\/full-third-party-cookie-blocking-and-more\/. (March 2020)."},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.21"},{"key":"e_1_3_2_1_76_1","volume-title":"XS-Leak with Resource Timing API and CSP Embedded Enforcement. https:\/\/crbug.com\/1105875. (July","author":"Yoneuchi Takashi","year":"2019","unstructured":"Takashi Yoneuchi. 2019. XS-Leak with Resource Timing API and CSP Embedded Enforcement. https:\/\/crbug.com\/1105875. (July 2019)."}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484739","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484739","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:48:46Z","timestamp":1763498926000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484739"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":76,"alternative-id":["10.1145\/3460120.3484739","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484739","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}