privacy.sexy/src/presentation/index.html
undergroundwires ba5b29a35d Improve security and privacy with strict meta tags
This commit introduces two meta tags to strengthen the application's
security posture and enhance user privacy, following best practices and
OWASP recommendations.

- Add Content-Security-Policy (CSP) to strictly control
  which resources the application is allowed, mitigating the risk of
  code injection attacks such as Cross-Site Scripting (XSS).
- Add `referrer` meta tag to prevent the users' browser from sending the
  page's address, or referrer, when navigating to another site, thereby
  enhancing user privacy.
2023-12-06 15:08:58 +01:00

53 lines
1.7 KiB
HTML

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1.0">
    <title>Privacy is sexy 🍑🍆 - Enforce privacy & security on Windows, macOS and Linux</title>
    <meta name="robots" content="index,follow" />
    <meta name="description"
      content="Web tool to generate scripts for enforcing privacy & security best-practices such as stopping data collection of Windows and different softwares on it." />
    <link rel="icon" href="/favicon.ico">
    <!-- Security meta tags based on OWASP recommendations, see https://owasp.org/www-project-secure-headers/ci/headers_add.json -->
    <meta
      http-equiv="Content-Security-Policy"
      content="
        default-src 'self';
        style-src 'self' 'unsafe-inline';
        img-src 'self' data:;
        form-action 'self';
        object-src 'none';
        upgrade-insecure-requests;
        block-all-mixed-content;
      "
    >
    <meta name="referrer" content="no-referrer">
  </head>
  <body>
    <noscript>
      <style>
        #javascriptDisabled {
          background: #eceef1;
          margin: 5rem auto;
          max-width: 800px;
          font-size: 7px;
          padding: 3rem;
          border: 1px solid #333a45;
          font-size: 1.5rem;
          line-height: 150%;
          font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', 'Consolas', 'source-code-pro', monospace;
        }
      </style>
      <div id="javascriptDisabled">
        <h1>Problem loading page</h1>
        <p>The page does not work without JavaScript enabled. Please enable it to use privacy.sexy. There's no shady stuff
          as 100% of the website is open source.</p>
      </div>
    </noscript>
    <div id="app"></div>
    <script type="module" src="/main.ts"></script>
  </body>
</html>
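
An added example, not part of the privacy.sexy repository: a simplified matcher that evaluates sample loads against the policy in the meta tag above, showing that scripts fall back to `default-src 'self'` (so inline script is blocked) while inline styles and `data:` images are allowed. The origin `https://app.example`, the sample URLs and the function names are constructed for illustration.

```javascript
// Added example: simplified CSP matcher for the policy in the meta tag above.
// Models only 'self', 'none', 'unsafe-inline', scheme sources and the
// default-src fallback; browsers implement much more of the specification.
const POLICY = `default-src 'self'; style-src 'self' 'unsafe-inline';
  img-src 'self' data:; form-action 'self'; object-src 'none';
  upgrade-insecure-requests; block-all-mixed-content;`;
const ORIGIN = 'https://app.example'; // constructed origin (assumption)

// Parse "name src src; name src" into a Map of directive -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Only fetch directives fall back to default-src (subset listed here).
const FETCH = new Set(['script-src', 'style-src', 'img-src', 'object-src',
  'connect-src', 'font-src']);

// Is a load allowed? `url` is null for inline <script>/<style> content.
function isAllowed(directives, directive, url, origin = ORIGIN) {
  let sources = directives.get(directive);
  if (!sources && FETCH.has(directive)) sources = directives.get('default-src');
  if (!sources) return true; // no directive governs this load
  if (url === null) return sources.includes("'unsafe-inline'");
  const target = new URL(url, origin);
  return sources.some((src) =>
    (src === "'self'" && target.origin === origin) ||
    (/^[a-z][a-z0-9+.-]*:$/i.test(src) && target.protocol === src.toLowerCase()));
}

const csp = parseCsp(POLICY);
const checks = [ // constructed sample loads
  ['script-src', '/main.ts'], ['script-src', null], ['style-src', null],
  ['img-src', 'data:image/png;base64,AAAA'], ['img-src', 'https://cdn.example/a.png'],
  ['object-src', '/plugin.swf'], ['connect-src', 'https://api.example/v1'],
  ['frame-ancestors', 'https://other.example/'],
];
for (const [directive, url] of checks) {
  const verdict = isAllowed(csp, directive, url) ? 'allow' : 'block';
  console.log(`${verdict}  ${directive}  ${url ?? '(inline)'}`);
}
```

`frame-ancestors` comes out as allowed because it does not fall back to `default-src`; browsers also ignore that directive in a `<meta>`-delivered policy, so framing restrictions need an HTTP response header.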