% Internet-Draft draft-steckbeck-ua-conn-sec, revision 00, as exported from the IETF datatracker.
% Status: "Work in Progress". Internet-Drafts are working documents, not standards;
% the institution field names the publishing venue and does not imply IETF endorsement.
% The draft-<author>- name suggests an individual submission rather than a
% working-group document (confirm on the datatracker page in the url field).
% Before relying on the mechanism, check the datatracker for a newer revision or an
% expired status, and cite this entry as work in progress.
% Topic, per the abstract: a way for site authors to publish the second- and third-party
% resources a user agent is authorized to connect to, positioned alongside
% Content Security Policy.
@techreport{steckbeck-ua-conn-sec-00,
  author      = {David Steckbeck},
  title       = {{User Agent Connection Security}},
  type        = {Internet-Draft},
  number      = {draft-steckbeck-ua-conn-sec-00},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = {2023},
  month       = mar,
  day         = {12},
  pagetotal   = {6},
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-steckbeck-ua-conn-sec/00/},
  abstract    = {The user agent to server transaction has many attack surfaces which have been defended by various recommendations such as Content Security Policy. An attack vector that is currently exploited is the open connection policy to first, second- and third-party resources. A breach of the origin website or other connected resource could require the client to load resources from a malicious network. This document provides a framework which allows authors to publish authorized connectable second- and third-party resources that a user agent should or must follow depending on configuration of that user agent.},
}