We are conducting a scientific study to determine the adoption of Fetch Metadata among CruX top 50K websites. Our goal is to identify how many websites use Fetch Metadata to protect their endpoints and which Fetch Metadata isolation policies are commonly used.
Fetch Metadata is a collection of HTTP headers that provides web servers with supplementary context regarding HTTP requests. This contextual information empowers servers to make decisions about allowing requests based on their origin and intended use. Consequently, Fetch Metadata enables the deployment of robust defense-in-depth mechanisms, refered to as isolation policies, to safeguard applications against prevalent cross-origin attacks.
Additional information:
In this study, we make 12 HTTP requests per endpoint and test a maximum of 50 endpoints per website. It's important to note that we are not performing any state-changing requests.
The testing phase is scheduled from April 23, 2024, to June 30, 2024
Yes, the results will be made available as soon as the study will be published. More information will follow.
If you have any questions or concerns about our study, please feel free to contact us: