Re: [clear-site-data] header field syntax

On Wed, Aug 12, 2015 at 8:16 AM, Julian Reschke <julian.reschke@gmx.de>
wrote:
>
> Then why do you have both comma and semicolon-delimited parameters? That
> sounds very confusing.


Commas come from misconfigured servers that send multiple `Clear-Site-Data`
headers. That is:

```
Clear-Site-Data: a
Clear-Site-Data: b
```

For CSP it's actually critical that we group the policy defined by a single
header together as a unit (as `default-src 'none'; script-src 'self'` is
_very_ different from `default-src 'none', script-src 'self'`). For
`Clear-Site-Data` it isn't (yet?) critical, but following that pattern
seems reasonable.

-mike

Received on Wednesday, 12 August 2015 06:20:48 UTC
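
The CSP distinction drawn in the message above, as an added example that is not part of the original message or of any specification text: commas separate independent policies that must all allow a load, while semicolons separate directives inside one policy. The function names are hypothetical, and source matching is reduced to `'self'` and `'none'` as a simplifying assumption.

```javascript
// Added illustration: a simplified model of CSP list handling, not a full
// implementation. Only 'self' and 'none' source expressions are modelled.

// Several header fields with the same name are equivalent to a single field
// whose value is the individual values joined with commas.
function combineHeaderFields(values) {
  return values.join(", ");
}

// Split a combined value into policies (comma) and directives (semicolon).
function parsePolicyList(headerValue) {
  return headerValue
    .split(",")
    .map((policy) => {
      const directives = new Map();
      for (const raw of policy.split(";")) {
        const tokens = raw.trim().split(/\s+/).filter(Boolean);
        if (tokens.length === 0) continue;
        const name = tokens[0].toLowerCase();
        // Within one policy the first occurrence of a directive is kept.
        if (!directives.has(name)) directives.set(name, tokens.slice(1));
      }
      return directives;
    })
    .filter((directives) => directives.size > 0);
}

// Decide whether one policy allows a script load.
function policyAllowsScript(directives, isSameOrigin) {
  // script-src falls back to default-src when it is absent.
  const sources = directives.get("script-src") ?? directives.get("default-src");
  if (sources === undefined) return true; // this policy does not restrict scripts
  return isSameOrigin && sources.includes("'self'");
}

// A load is allowed only if every policy in the list allows it.
function allowsScript(headerValue, isSameOrigin) {
  return parsePolicyList(headerValue).every((policy) =>
    policyAllowsScript(policy, isSameOrigin)
  );
}

// Constructed sample values, taken from the two strings quoted in the message.
const onePolicy = "default-src 'none'; script-src 'self'";
const twoPolicies = "default-src 'none', script-src 'self'";
console.log(allowsScript(onePolicy, true), allowsScript(twoPolicies, true));
```

With the comma form, the first policy contains only `default-src 'none'`, so it blocks the same-origin script even though the second policy would allow it.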