Add `Permissions-Policy` directive to control FLoC
doktorbro opened this issue · 3 comments
doktorbro commented
google’s floc is coming. it’s time to react.
- eff said: google’s floc is a terrible idea
- brave said: why brave disables floc
- wordpress said: treat floc like a security concern
the apache config to opt out the floc is:
<IfModule mod_headers.c>
Header always set Permissions-Policy "interest-cohort=()"
</IfModule>
LeoColomb commented
Thanks a lot for opening this issue @doktorbro!
While I'm personally in favor of blocking FLoC, I'm not sure about its addition into H5BP.
- This is quite political for now, and it's probably better to wait a bit.
- Especially regarding current web ecosystem reaction, it might be useless in few months (FLoC is "only" a experiement).
- This addition won't be enabled by default, reducing its value in short-term and its coverage.
- And finally there is already a issue regarding Permissions-Policy header: #179.
doktorbro commented
@LeoColomb if it’s better to wait then i will.