allow-presentation: Lets the resource start a presentation session.
For example, this can safely sandbox an advertisement without forcing the same restrictions upon the page the ad links to.
#CNET EYEFRAME CONVERTER WINDOWS#
allow-popups-to-escape-sandbox: Lets the sandboxed document open new windows without those windows inheriting the sandboxing.
If this keyword is not used, the popup will silently fail to open.
allow-popups: Allows popups (such as window.open(), target="_blank", or showModalDialog()).
allow-pointer-lock: Lets the resource use the Pointer Lock API.
allow-orientation-lock: Lets the resource lock the screen orientation.
allow-modals: Lets the resource open modal windows.
If this keyword is not used, form submission is blocked.
allow-forms: Allows the resource to submit forms.
allow-downloads: Allows for downloads to occur with a gesture from the user.
allow-downloads-without-user-activation : Allows for downloads to occur without a gesture from the user.
The value of the attribute can either be empty to apply all restrictions, or space-separated tokens to lift particular restrictions: This value is unsafe, because it leaks origins and paths from TLS-protected resources to insecure origins.Īpplies extra restrictions to the content in the frame.
unsafe-url: The referrer will include the origin and the path (but not the fragment, password, or username).
#CNET EYEFRAME CONVERTER FULL#
strict-origin-when-cross-origin (default): Send a full URL when performing a same-origin request, only send the origin when the protocol security level stays the same (HTTPS→HTTPS), and send no header to a less secure destination (HTTPS→HTTP).
strict-origin: Only send the origin of the document as the referrer when the protocol security level stays the same (HTTPS→HTTPS), but don't send it to a less secure destination (HTTPS→HTTP).
same-origin: A referrer will be sent for same origin, but cross-origin requests will contain no referrer information.
Navigations on the same origin will still include the path.
origin-when-cross-origin: The referrer sent to other origins will be limited to the scheme, the host, and the port.
origin: The sent referrer will be limited to the origin of the referring page: its scheme, host, and port.
no-referrer-when-downgrade: The Referer header will not be sent to origins without TLS ( HTTPS).
no-referrer: The Referer header will not be sent.
Indicates which referrer to send when fetching the frame's resource: This can be used in the target attribute of the, , or elements the formtarget attribute of the or elements or the windowName parameter in the window.open() method.
lazy: Defer loading of the iframe until it reaches a calculated distance from the viewport, as defined by the browser.Ī targetable name for the embedded browsing context.
eager: Load the iframe immediately, regardless if it is outside the visible viewport (this is the default value).
Indicates how the browser should load the iframe: cspĪ Content Security Policy enforced for the embedded resource. Note: This attribute is considered a legacy attribute and redefined as allow="payment".