You are not logged in.

#1 2017-08-24 22:33:10

Registered: 2015-08-10
Posts: 2,966

Content-Security-Policy header on

HTTP requests to our forum now carry some new HTTP headers, esp. Content-Security-Policy.

content-security-policy: default-src 'self'
referrer-policy: no-referrer-when-downgrade
x-xss-protection: 1

… which raises our score to an A in's scan. Nice. Who doesn't like getting As?

AFAICT Content-Security-Policy is going to break Greasemonkey for users who use custom scripts on our site, so let me know if you face any problems.

Per aspera ad astra.


Board footer

Powered by FluxBB