Web & access

Even the website
respects the rules.

A privacy product can't ship a marketing site stuffed with trackers. This site is static, carries no analytics or advertising cookies, and locks down a strict Content-Security-Policy with hardened HTTP headers.

This website

Static, and locked down.

There's no application server rendering pages and no third-party script running in your browser. The hardening is enforced at the edge with HTTP response headers — here's what's actually set.

No trackers, no cookies

The site ships no analytics SDKs and no advertising cookies — fitting, given where Searxly stands on surveillance advertising. Nothing here profiles you.

Strict CSP

A Content-Security-Policy restricts scripts and styles to the site's own origin, forbids plugins and framing, and upgrades any insecure request — shrinking the attack surface for injection.

No clickjacking

frame-ancestors 'none' and X-Frame-Options: DENY mean the site can't be embedded in an iframe to trick you into clicking something you didn't mean to.

MIME & referrer hardening

X-Content-Type-Options: nosniff stops content-type confusion, and a strict referrer policy keeps your navigation from leaking across origins.

Powerful features off

A Permissions-Policy disables camera, microphone, geolocation, USB, payment and ad-topics APIs — the site never asks, so they can't be abused.

Origin isolation

Cross-Origin-Opener-Policy: same-origin isolates the browsing context from other origins, closing a class of cross-window attacks.

The headers, verbatim

Nothing hidden.

Content-Security-Policy
default-src 'self'; object-src 'none'; script-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests (connect limited to the site + the Base RPC)
X-Frame-Options
DENY
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
camera=(), microphone=(), geolocation=(), payment=(), usb=(), browsing-topics=()
Cross-Origin-Opener-Policy
same-origin

The site respects you too.

No trackers, a strict CSP, hardened headers. The app goes much further, and it's free to download.