#112 Consider implementing NEL Shield
Opened 21 days ago by polcak. Modified 21 days ago


We researched Data Protection and Security Issues With Network Error Logging and it seems that we should add a shield to JShelter to protect users from NEL tracking.


  1. Only Chromium-based browsers are affected ATM.
  2. Brave does not support NEL.
  3. For Firefox, see https://github.com/mozilla/standards-positions/issues/99

Pages affected: The deployment raised from 0 to 11.73 % (almost 2,250,000 unique domains) since 2019. Current deployment is dominated by Cloudflare. See https://arxiv.org/pdf/2305.01249.pdf.

Expected result

  1. JShelter removes NEL headers from HTTP replies.
  2. Consider removal of Report-To headers.
  3. JShelter should insert policy removing previous NEL policy (validity = 0), see the paper for reasoning.

Additional information / notes

We will work on the issue after migration to MV3.

Login to comment on this ticket.