
#1 2017-08-24 22:33:10

Registered: 2015-08-10
Posts: 2,424

Content-Security-Policy header on

HTTP requests to our forum now carry some new HTTP headers, esp. Content-Security-Policy.

content-security-policy: default-src 'self'
referrer-policy: no-referrer-when-downgrade
x-xss-protection: 1

… which raises our score to an A in's scan. Nice. Who doesn't like getting As?

AFAICT Content-Security-Policy is going to break Greasemonkey for users who use custom scripts on our site, so let me know if you face any problems.

Tempus fugit
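
Added example, not part of the original post or the forum's own code: a simplified JavaScript model of how a browser evaluates the default-src 'self' header quoted above, showing which loads it blocks. The origin https://forum.example and the sample requests are constructed for illustration; host wildcards, paths, nonces and hashes are not modelled.

```javascript
// Simplified model of CSP source matching: handles 'self', 'none',
// 'unsafe-inline' and exact origins only (no wildcards, paths, nonces, hashes).
const PAGE_ORIGIN = "https://forum.example"; // constructed, not the real forum

// Fetch directives that fall back to default-src when they are absent.
const FETCH_DIRECTIVES = new Set(["script-src", "style-src", "img-src",
  "font-src", "connect-src", "media-src", "frame-src", "object-src"]);

function parseCsp(headerValue) {
  const policy = new Map();
  for (const part of headerValue.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

function isAllowed(policy, req, pageOrigin = PAGE_ORIGIN) {
  let sources = policy.get(req.directive);
  if (sources === undefined && FETCH_DIRECTIVES.has(req.directive)) {
    sources = policy.get("default-src");
  }
  if (sources === undefined) return true; // nothing restricts this request
  // Inline script or style is only allowed by 'unsafe-inline' in this model.
  if (req.inline) return sources.includes("'unsafe-inline'");
  const origin = new URL(req.url, pageOrigin).origin;
  return sources.some((s) =>
    s === "'self'" ? origin === pageOrigin : s === origin);
}

// Constructed sample requests, evaluated against the header from the post.
const SAMPLE_REQUESTS = [
  { label: "forum stylesheet", directive: "style-src", url: "/style/main.css" },
  { label: "forum script", directive: "script-src", url: "https://forum.example/js/common.js" },
  { label: "injected inline <script>", directive: "script-src", inline: true },
  { label: "script from a CDN", directive: "script-src", url: "https://cdn.example/lib.js" },
  { label: "image from another host", directive: "img-src", url: "https://img.example/a.png" },
  { label: "inline style attribute", directive: "style-src", inline: true },
];

function blockedLabels(headerValue, requests = SAMPLE_REQUESTS) {
  const policy = parseCsp(headerValue);
  return requests.filter((r) => !isAllowed(policy, r)).map((r) => r.label);
}

console.log(blockedLabels("default-src 'self'"));
```

Anything a user script adds to the page as inline code or pulls from another origin lands in the blocked list, while the forum's own same-origin assets pass.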

