#1 2017-08-24 22:33:10

twoion
ほやほや
Registered: 2015-08-10
Posts: 2,368

Content-Security-Policy header on forums.bunsenlabs.org

HTTP requests to our forum now carry some new HTTP headers, esp. Content-Security-Policy.

content-security-policy: default-src 'self'
referrer-policy: no-referrer-when-downgrade
x-xss-protection: 1

… which raises our score to an A in securityheaders.io's scan. Nice. Who doesn't like getting As?

AFAICT Content-Security-Policy is going to break Greasemonkey for users who use custom scripts on our site, so let me know if you face any problems.


A silent kite against the blue, blue sky
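
As an added illustration (not part of the original post or the forum's own code), this sketch models how a browser decides which loads `default-src 'self'` permits: every fetch type without its own directive falls back to `default-src`, so inline scripts and off-site images are refused. Matching is simplified to `'self'`, `*`, `'unsafe-inline'` and full-origin sources, and the sample URLs are constructed.

```javascript
// Added example: simplified model of CSP source matching, not the full spec algorithm.
const FORUM_ORIGIN = "https://forums.bunsenlabs.org";
const POLICY = "default-src 'self'"; // header value quoted in the post

// Parse "name src1 src2; name2 src3" into a Map of directive -> source list.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// load is {kind, url} or {kind, inline: true}; kind is "script", "img", "style", ...
function isAllowed(directives, pageOrigin, load) {
  // A fetch type without its own directive falls back to default-src.
  const sources = directives.get(`${load.kind}-src`) ?? directives.get("default-src");
  if (sources === undefined) return true; // nothing governs this load
  if (load.inline) return sources.includes("'unsafe-inline'");
  const target = new URL(load.url, pageOrigin);
  return sources.some((src) =>
    (src === "'self'" && target.origin === pageOrigin) ||
    (src === "*" && /^https?:$/.test(target.protocol)) || // "*" excludes data:
    src === target.origin); // assumption: only full-origin host sources are modelled
}

// Constructed sample loads a forum page might attempt.
const SAMPLE_LOADS = [
  { kind: "style", url: "/style/theme.css" },
  { kind: "script", inline: true },
  { kind: "img", url: "https://example.org/avatar.png" },
  { kind: "img", url: "data:image/png;base64,AAAA" },
];

function evaluate(policy) {
  const directives = parsePolicy(policy);
  return SAMPLE_LOADS.map((load) => isAllowed(directives, FORUM_ORIGIN, load));
}

console.log(evaluate(POLICY));                  // [ true, false, false, false ]
console.log(evaluate(POLICY + "; img-src *"));  // [ true, false, true, false ]
```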
