Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Security: Content Security Policy
You might want to set a content security policy header for privileged areas (ucp, mcp, acp) and the login / registration pages. Ideally, you would do it globally tbh, it should help to kill off any unwanted scripts that might be running for whatever reason, whether it's a XSS flaw or something else.

Forum Jump:

Users browsing this thread: 1 Guest(s)