diff --git a/content/docs/attacks/browser-features/corb.md b/content/docs/attacks/browser-features/corb.md index 10d2d6d10..c9cf52366 100644 --- a/content/docs/attacks/browser-features/corb.md +++ b/content/docs/attacks/browser-features/corb.md @@ -52,9 +52,8 @@ CORB can also allow attackers to detect when the `nosniff` header is present in | [SameSite Cookies (Lax)]({{< ref "/docs/defenses/opt-in/same-site-cookies.md" >}}) | [COOP]({{< ref "/docs/defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "/docs/defenses/opt-in/xfo.md" >}}) | [Isolation Policies]({{< ref "/docs/defenses/isolation-policies" >}}) | | :--------------------------------------------------------------------------------: | :-------------------------------------------------: | :---------------------------------------------------------------: | :-----------------------------------------------------------------------------------------------------------------------------------------------------: | -| ✔️ | ❌ | ❌ | [RIP]({{< ref "/docs/defenses/isolation-policies/resource-isolation" >}}) 🔗 [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | +| ✔️ | ❌ | ❌ | [RIP]({{< ref "/docs/defenses/isolation-policies/resource-isolation" >}}) | -🔗 – Defense mechanisms must be combined to be effective against different scenarios. {{< hint tip >}} Developers can deploy [CORP]({{< ref "/docs/defenses/opt-in/corp.md" >}}) in an application's subresources to force a protection similar to CORB that does not inspect responses to decide when to act. To prevent attackers from abusing this XS-Leak, generic XS-Leaks defense mechanisms are also effective.