Content Security Policy (CSP)

Code in htaccess file

Starting with LEPTON 7.1.0 we automatically add a .htaccess file to your root to reduce XSS risks on modern browsers.

For more details please read the CSP-Site; there are also many other sites on the net that offer more information. Please use your favourite search engine.

If you already have a .htaccess file in your root, please consider adding the code at the bottom.

The content of the added .htaccess file is:

# reduce XSS risks on modern browsers, for details see https://content-security-policy.com/
<IfModule mod_headers.c>
  Header always set Referrer-Policy "same-origin"
  Header set X-XSS-Protection "1; mode=block"
  Header set X-Frame-Options "SAMEORIGIN"
  Header set X-Content-Type-Options "nosniff"
  Header set X-Permitted-Cross-Domain-Policies "none"
</IfModule>
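For a root that already has a .htaccess file, a line-based check like the following reports which of the directives above are missing or set to a different value, and builds the block to append. It is an added example, not LEPTON's own code; the function names and the sample file are constructed, and the check ignores enclosing IfModule sections and env= conditions.

```python
import re

# The five directives from the .htaccess shown above, copied verbatim.
PAGE_LINES = [
    'Header always set Referrer-Policy "same-origin"',
    'Header set X-XSS-Protection "1; mode=block"',
    'Header set X-Frame-Options "SAMEORIGIN"',
    'Header set X-Content-Type-Options "nosniff"',
    'Header set X-Permitted-Cross-Domain-Policies "none"',
]
# Header [always|onsuccess] set <name> "<value>" (or an unquoted value)
DIRECTIVE = re.compile(
    r'^\s*Header\s+(?:(?:always|onsuccess)\s+)?set\s+(\S+)\s+(?:"([^"]*)"|(\S+))',
    re.IGNORECASE)

def parse(line):
    """Return (lowercased header name, value) for a 'Header set' line, else None."""
    m = DIRECTIVE.match(line)  # lines starting with '#' never match
    if not m:
        return None
    return m.group(1).lower(), m.group(2) if m.group(2) is not None else m.group(3)

def audit_htaccess(text):
    """Map each header from the page to 'ok', 'missing' or 'differs: <value>'."""
    found = dict(p for p in map(parse, text.splitlines()) if p)  # last directive wins
    report = {}
    for line in PAGE_LINES:
        name, want = parse(line)
        got = found.get(name)
        if got is None:
            report[name] = "missing"
        else:
            report[name] = "ok" if got.lower() == want.lower() else "differs: " + got
    return report

def lines_to_append(report):
    """Build the block to add at the bottom of the file for the missing headers."""
    todo = [l for l in PAGE_LINES if report[parse(l)[0]] == "missing"]
    body = "".join("  %s\n" % l for l in todo)
    return "<IfModule mod_headers.c>\n" + body + "</IfModule>\n" if todo else ""

# Constructed sample of a pre-existing .htaccess (not taken from the page).
SAMPLE = """RewriteEngine On
# Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "DENY"
Header always set Referrer-Policy "same-origin"
"""
```

Headers reported as "differs" are left alone on purpose, so an existing site-specific value is reviewed by hand rather than overwritten.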
last edit: 12. Feb 2024 CET 16:43:24

Please also see further htaccess details.