
Display security and privacy policies

The security command displays information about the security and privacy settings for a website. There are two security subcommands:

Content Security Policy

With the command security csp you can display information related to the Content Security Policy for the current domain.

Executing the command opens a panel displaying the different CSP rules the domain defines with hints about their safety.


If a domain does not define any CSP, you'll see a note telling you so.

CSP panel displayed when executing 'security csp' via the developer toolbar for pages not defining any CSP

Referrer Policy

New in Firefox 43.

With the command security referrer you can see the site's Referrer Policy.

Executing the command displays a panel that names the Referrer Policy state for the site and spells out which HTTP Referer header will be sent in the scenarios applicable to that state.

In the screenshot below the site uses the Origin Only policy.

If the site does not specify a policy, the default policy of None When Downgrade is used.
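The following sketch, an added example and not code from Firefox or this page, models the per-scenario Referer values that the panel spells out. It goes beyond the two states named above and covers the other policy keywords of the Referrer Policy specification as well; `refererFor` and the sample URLs are constructed for illustration, and "downgrade" is simplified to HTTPS to non-HTTPS.

```javascript
// Added example: which Referer value each referrer policy yields.
// Keyword "origin" is the panel's "Origin Only";
// "no-referrer-when-downgrade" is the panel's "None When Downgrade".

// Strip credentials and fragment; optionally reduce the URL to its origin.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  u.username = "";
  u.password = "";
  u.hash = "";
  if (originOnly) {
    u.pathname = "/";
    u.search = "";
  }
  return u.href;
}

// Returns the Referer header value, or null when no header is sent.
function refererFor(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  // Simplification (assumption): a downgrade is HTTPS -> anything else.
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  const sameOrigin = from.origin === to.origin;
  switch (policy) {
    case "no-referrer":
      return null;
    case "no-referrer-when-downgrade":
      return downgrade ? null : stripForReferrer(fromUrl, false);
    case "origin":
      return stripForReferrer(fromUrl, true);
    case "origin-when-cross-origin":
      return stripForReferrer(fromUrl, !sameOrigin);
    case "unsafe-url":
      return stripForReferrer(fromUrl, false);
    default:
      throw new Error("unknown referrer policy: " + policy);
  }
}

// Constructed sample: a page URL carrying a session token in its query.
const page = "https://shop.example/cart?session=abc123#items";
const targets = ["https://shop.example/pay", "https://cdn.example/a.js",
                 "http://ads.example/px"];
for (const policy of ["no-referrer-when-downgrade", "origin"]) {
  for (const target of targets) {
    console.log(policy, "->", target, ":", refererFor(policy, page, target));
  }
}
```

Under the default policy the full URL, including the query string, reaches every HTTPS destination; `origin` limits what leaks to the scheme and host.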

Document Tags and Contributors

 Contributors to this page: wbamberg, Sebastianz
 Last updated by: wbamberg,