From 5c787c1af055f52d5dea725a50f13722bd7a630c Mon Sep 17 00:00:00 2001
From: default <nobody@localhost>
Date: Sun, 21 Jan 2024 19:13:40 +0100
Subject: [PATCH] Updated documentation.

---
 doc/snac.8 | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/doc/snac.8 b/doc/snac.8
index 05991e1..f58ad45 100644
--- a/doc/snac.8
+++ b/doc/snac.8
@@ -179,9 +179,11 @@ By setting this to true, no email notification will be sent for any user.
 .It Ic disable_inbox_collection
 By setting this to true, no inbox collection is done. Inbox collection helps
 being discovered from remote instances, but also increases network traffic.
-.It http_headers
+.It Ic http_headers
 If you need to add more HTTP response headers for whatever reason, you can
-fill this object with the required header/value pairs.
+fill this object with the required header/value pairs. For example, for enhanced
+XSS security, you can set the "Content-Security-Policy" header to "script-src ;"
+to be totally sure that no JavaScript is executed.
 .It Ic show_instance_timeline
 If this is set to true, the instance base URL will show a timeline with the latest
 user posts instead of the default greeting static page. If other information