PopStateEvent interfaceSupport in all current engines.
event.stateReturns a copy of the information that was provided to pushState() or replaceState().
HashChangeEvent interfaceSupport in all current engines.
event.oldURLReturns the URL of the session history entry that was previously current.
event.newURLReturns the URL of the session history entry that is now current.
PageTransitionEvent interfaceSupport in all current engines.
event.persistedFor the pageshow event, returns false if the page is
newly being loaded (and the load event will fire). Otherwise,
returns true.
For the pagehide event, returns false if the page is
going away for the last time. Otherwise, returns true, meaning that the page might be reused if
the user navigates back to this page (if the Document's salvageable state stays true).
Things that can cause the page to be unsalvageable include:
Document alive in a session
history entry after unloadiframes that are not salvageableWebSocket objectsDocumentBeforeUnloadEvent interfaceSupport in all current engines.
There are no BeforeUnloadEvent-specific initialization methods.
The BeforeUnloadEvent interface is a legacy interface which allows prompting to unload to be controlled not only by canceling the
event, but by setting the returnValue
attribute to a value besides the empty string. Authors should use the preventDefault() method, or other means of canceling
events, instead of using returnValue.
X-Frame-Options` headerSupport in all current engines.
The `X-Frame-Options` HTTP response header is a legacy way
of controlling whether and how a Document may be loaded inside of a child
browsing context. It is obsoleted by the frame-ancestors CSP directive, which provides more granular control over the
same situations. It was originally defined in HTTP Header Field X-Frame-Options, but
the definition here supersedes that document. [CSP] [RFC7034]
In particular, HTTP Header Field X-Frame-Options specified an `ALLOW-FROM` variant of the header, but that is not to be implemented.
If both
a CSP frame-ancestors directive and an
`X-Frame-Options` header are used in the same response, then `X-Frame-Options` is ignored.
For web developers and conformance checkers, its value ABNF is:
X-Frame-Options = "DENY" / "SAMEORIGIN" The following table illustrates the processing of various values for the header, including non-conformant ones:
`X-Frame-Options` | Valid | Result |
|---|---|---|
`DENY` | ✅ | embedding disallowed |
`SAMEORIGIN` | ✅ | same-origin embedding allowed |
`INVALID` | ❌ | embedding allowed |
`ALLOWALL` | ❌ | embedding allowed |
`ALLOW-FROM=https://example.com/` | ❌ | embedding allowed (from anywhere) |
The following table illustrates how various non-conformant cases involving multiple values are processed:
`X-Frame-Options` | Result |
|---|---|
`SAMEORIGIN, SAMEORIGIN` | same-origin embedding allowed |
`SAMEORIGIN, DENY` | embedding disallowed |
`SAMEORIGIN,` | embedding disallowed |
`SAMEORIGIN, ALLOWALL` | embedding disallowed |
`SAMEORIGIN, INVALID` | embedding disallowed |
`ALLOWALL, INVALID` | embedding disallowed |
`ALLOWALL,` | embedding disallowed |
`INVALID, INVALID` | embedding allowed |
The same results are obtained whether the values are delivered in a single header whose value is comma-delimited, or in multiple headers.
Refresh` headerThe `Refresh` HTTP response header is the HTTP-equivalent
to a meta element with an http-equiv
attribute in the Refresh state. It takes the same value and works largely the same.
Its processing model is detailed in create and
initialize a Document object.