The security
command displays information about the security and privacy settings for a website. There are two security
subcommands:
security csp
: displays information about the site's Content Security Policysecurity referrer
: displays information about the site's Referrer Policy
Content Security Policy
With the command security csp
you can display information related to the Content Security Policy for the current domain.
Executing the command opens a panel displaying the different CSP rules the domain defines with hints about their safety.
If a domain does not define any CSP, you'll see a note telling you so.
Referrer Policy
New in Firefox 43.
With the command security referrer
you can see the site's Referrer Policy.
Executing the command displays a panel which names the Referrer Policy state for the site, and spells out which HTTP referer header will be sent in the scenarios applicable to that state.
In the screenshot below the site uses the Origin Only policy.
If the site does not specify a policy, the default policy of None When Downgrade is used: