You are not logged in.

#1 2017-08-24 22:33:10

Registered: 2015-08-10
Posts: 2,678

Content-Security-Policy header on

HTTP requests to our forum now carry some new HTTP headers, esp. Content-Security-Policy.

content-security-policy: default-src 'self'
referrer-policy: no-referrer-when-downgrade
x-xss-protection: 1

… which raises our score to an A in's scan. Nice. Who doesn't like getting As?

AFAICT Content-Security-Policy is going to break Greasemonkey for users who use custom scripts on our site, so let me know if you face any problems.

Wahllos schlägt das Schicksal zu / heute ich und morgen du.


Board footer

Powered by FluxBB