I've applied some additional security measures in light of the problems that impacted the federated community. We are now serving media from a subdomain, and CSP headers have been added to requests in an effort to mitigate any possible problems. I'll continue to work on this tomorrow and run some tests. Once I have confirmed that it's ay-okay, I'll make a guide and run it by the more intelligent administrators for their input and editing.