"base-uri 'self'", # only local pages
"frame-ancestors 'none'", # prevent malicious embedding
])));
+header('Referrer-Policy: no-referrer-when-downgrade');
$Page->place += [
'user' => $User->login ?: '',
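Review bot: The added `Referrer-Policy: no-referrer-when-downgrade` still sends the full URL, path and query string included, to every other HTTPS origin, and it is looser than the `strict-origin-when-cross-origin` default of current browsers. If nothing relies on cross-origin referrers, `header('Referrer-Policy: strict-origin-when-cross-origin');` or `same-origin` would fit the tightened CSP directives just above it and keep page paths and query parameters from reaching linked sites. The `header()` call that carries the CSP array starts outside the hunk, so other response headers set there are not visible from here.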
include_once 'edit/head.inc.php';
}
-if (isset($Page->raw)) {
+if (isset($Page->raw)
+and @$_SERVER['HTTP_ACCEPT'] !== 'application/xml') {
$Page->raw = '<div class="static">'."\n\n".$Page->raw."</div>\n\n";
}
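Review bot: The new condition on `$_SERVER['HTTP_ACCEPT']` makes the response body depend on a client-controlled request header, but no `Vary: Accept` is emitted in the visible lines, so a shared cache or CDN could store the unwrapped variant and serve it to browsers, or the reverse. Adding `header('Vary: Accept');` next to the check would prevent that. The comparison is also an exact string match, so a client sending `application/xml;q=0.9` or a list of types still gets the wrapped HTML. The `@` hides the missing-key notice, where `($_SERVER['HTTP_ACCEPT'] ?? '') !== 'application/xml'` says the same thing explicitly. The code that later consumes `$Page->raw` is outside the hunk.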