Security & Privacy (Public)

This page contains security audit results that are safe to publish publicly for users. Private infrastructure details are intentionally not disclosed.

Public Audit Snapshot

Last updated: 2026-02-17.

  • HTTP is redirected to HTTPS (301), and the site is served fully over HTTPS.
  • HSTS is active (Strict-Transport-Security) to prevent protocol downgrade to HTTP.
  • Anti-clickjacking headers are active: X-Frame-Options: DENY and CSP frame-ancestors protection.
  • Header hardening is active: X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP/CORP.
  • CSP enforces restrictive rules for script/style/frame/object through response headers.
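
The controls in the list above can be checked against any captured response. The following is an added example, not code from this site: a Python checker for the listed redirect, HSTS, anti-clickjacking, header-hardening and CSP controls. The function names and the sample header values are constructed for illustration.

```python
PRESENCE_ONLY = ("referrer-policy", "permissions-policy",
                 "cross-origin-opener-policy", "cross-origin-resource-policy")

def parse_csp(value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])  # first occurrence wins
    return policy

def hsts_max_age(value):
    """Return max-age in seconds, or 0 when the header is absent or malformed."""
    for directive in value.lower().split(";"):
        name, _, arg = directive.strip().partition("=")
        arg = arg.strip().strip('"')
        if name.strip() == "max-age" and arg.isdigit():
            return int(arg)
    return 0

def audit(http_status, http_location, https_headers):
    """Findings for one plain-HTTP probe plus one HTTPS response; [] means all pass."""
    h = {k.lower(): v.strip() for k, v in https_headers.items()}
    findings = []
    if http_status != 301 or not http_location.lower().startswith("https://"):
        findings.append("no 301 redirect from HTTP to HTTPS")
    if hsts_max_age(h.get("strict-transport-security", "")) == 0:
        findings.append("HSTS missing or max-age=0")
    if h.get("x-frame-options", "").upper() != "DENY":
        findings.append("X-Frame-Options is not DENY")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    findings += [f"{name} missing" for name in PRESENCE_ONLY if name not in h]
    csp = parse_csp(h.get("content-security-policy", ""))
    if "frame-ancestors" not in csp:  # frame-ancestors never falls back to default-src
        findings.append("CSP lacks frame-ancestors")
    for d in ("script-src", "style-src", "frame-src", "object-src"):
        sources = csp.get(d, csp.get("default-src"))  # child-src fallback not modelled
        if sources is None or "*" in sources:
            findings.append(f"CSP leaves {d} unrestricted")
    return findings

SAMPLE_HEADERS = {  # constructed for this example, not captured from the site
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY", "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer", "Permissions-Policy": "geolocation=()",
    "Cross-Origin-Opener-Policy": "same-origin", "Cross-Origin-Resource-Policy": "same-origin",
    "Content-Security-Policy": "default-src 'self'; object-src 'none'; frame-ancestors 'none'",
}
```

Calling `audit(301, "https://firng.silentprotocol.top/", SAMPLE_HEADERS)` returns an empty list; any missing or weakened control appears as a named finding.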

What Users Should Know

  • No Roblox login is required. Never enter your Roblox password, token, or cookie here.
  • This tool is for RNG planning. It is not an exploit, not an injector, and does not require executables.
  • Use only official domains: firng.silentprotocol.top and silentprotocol.top.
  • Community Build is public. Do not post personal data, personal email, or account-sensitive info.

Data & Privacy

  • Core odds calculations are processed in-browser for normal usage.
  • Community Build content (posts, ratings, votes, comments) is stored on the app server for shared visibility.
  • Anti-spam mechanisms use anonymous browser client identifiers (local storage), not game account credentials.
  • Donation links (Buy Me a Coffee/Saweria) are external; transactions follow each platform's policy.

Scope Limits of Public Audit

  • Only controls that can be publicly verified from web responses and app behavior are published here.
  • Private details such as internal topology, service-account identity, and detailed firewall rules are not published.
  • This audit is not a zero-risk guarantee. Keep up your own account security practices when using community tools.

Report Issues

If you find a security issue, phishing clone, or community-feature abuse, report it through the footer contact link.