Display security and privacy policies

In This Article

The security command displays information about the security and privacy settings for a website. There are two security subcommands:

security csp: displays information about the site's Content Security Policy
security referrer: displays information about the site's Referrer Policy

Content Security Policy

With the command security csp you can display information related to the Content Security Policy for the current domain.

Executing the command opens a panel displaying the different CSP rules the domain defines with hints about their safety.

CSP panel displayed when executing 'security csp' via the developer toolbar for pages not defining any CSP

If a domain does not define any CSP, you'll see a note telling you so.

CSP panel displayed when executing 'security csp' via the developer toolbar for pages not defining any CSP

Referrer Policy

New in Firefox 43.

With the command security referrer you can see the site's Referrer Policy.

Executing the command displays a panel which names the Referrer Policy state for the site, and spells out which HTTP referer header will be sent in the scenarios applicable to that state.

In the screenshot below the site uses the Origin Only policy.

If the site does not specify a policy, the default policy of None When Downgrade is used:

Document Tags and Contributors

Tags:

Contributors to this page: wbamberg, Sebastianz

Last updated by: wbamberg, Dec 16, 2015, 9:17:42 AM