X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=docs%2Fdocs%2Fconfiguration%2Fhardening.md;h=521183f7dc5c10e5c6cc2e3072d86b47bd98a7d3;hb=f94e8a3713e5cadb67b53ea05a2bc38eb562c2f5;hp=3011812fc8d5f244f6242e0c967a0e12312f8dff;hpb=f90552f62e7a7b3414e57387f97741b9b253d0e1;p=akkoma diff --git a/docs/docs/configuration/hardening.md b/docs/docs/configuration/hardening.md index 3011812fc..521183f7d 100644 --- a/docs/docs/configuration/hardening.md +++ b/docs/docs/configuration/hardening.md @@ -27,14 +27,13 @@ This will send additional HTTP security headers to the clients, including: * `X-Permitted-Cross-Domain-Policies: "none"` * `X-Frame-Options: "DENY"` * `X-Content-Type-Options: "nosniff"` -* `X-Download-Options: "noopen"` A content security policy (CSP) will also be set: ```csp content-security-policy: default-src 'none'; - base-uri 'self'; + base-uri 'none'; frame-ancestors 'none'; img-src 'self' data: blob: https:; media-src 'self' https:; 
@@ -52,19 +51,15 @@ content-security-policy: An additional “Strict transport security” header will be sent with the configured `sts_max_age` parameter. This tells the browser, that the domain should only be accessed over a secure HTTPs connection. -#### `ct_max_age` - -An additional “Expect-CT” header will be sent with the configured `ct_max_age` parameter. This enforces the use of TLS certificates that are published in the certificate transparency log. (see [Expect-CT](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT)) - #### `referrer_policy` > Recommended value: `same-origin` -If you click on a link, your browser’s request to the other site will include from where it is coming from. The “Referrer policy” header tells the browser how and if it should send this information. (see [Referrer policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy)) +If you click on a link, your browser’s request to the other site will include from where it is coming from. The “Referrer policy” header tells the browser how and if it should send this information. (see [Referrer policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy)). `no-referrer` can be used if a referrer is not needed for improved privacy. ## systemd -A systemd unit example is provided at `installation/pleroma.service`. +A systemd unit example is provided at `installation/akkoma.service`. ### PrivateTmp
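Review bot: In the first hunk, tightening `base-uri 'self'` to `base-uri 'none'` forbids any `<base>` element on the page, so confirm that none of the shipped frontends rely on `<base href>` for routing or asset resolution before this lands; a blocked `<base>` surfaces only as a console CSP violation, not as an obvious error to users. Removing `X-Download-Options: "noopen"` from the header list is reasonable (the header was only ever honoured by Internet Explorer), but the docs should drop it only if the server actually stops emitting it in the same change, otherwise documentation and behaviour drift apart.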
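Review bot: In the second hunk, the `ct_max_age` section is deleted outright but nothing tells operators what happens to an existing `ct_max_age` setting; since browsers have deprecated Expect-CT (Chrome removed support in 2022), a one-line note that the option is now ignored would be clearer than silent removal. The sentence added to the referrer policy paragraph is ambiguous as written ("if a referrer is not needed for improved privacy"); suggest "For improved privacy, `no-referrer` can be used when the referring page does not need to be disclosed." While in this paragraph, "HTTPs" in the unchanged context line above should read "HTTPS", and the new `installation/akkoma.service` path should be checked against the actual filename in the repository.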