cross-posted from: https://indie-ver.se/post/20213

Hi again!

I am trying to improve the security for my website, but I am unsure of which paths federation and API traffic hits, and which paths should be exempt from e.g. Javascript challenges? Could somebody give me some insight into this?