{
  "version": 1,
  "product": "RetroEP",
  "site": "https://retroep.com",
  "domains": ["retroep.com", "www.retroep.com"],
  "ports": [443],
  "protocols": ["https"],
  "endpoints": [
    {
      "url": "https://retroep.com/api/room.php",
      "method": "POST",
      "contentType": "application/json",
      "purpose": "Room create, join, poll, and mutations (HTTP polling — no WebSockets)"
    }
  ],
  "tls": {
    "issuer": "Let's Encrypt",
    "trustAnchor": "ISRG Root X1",
    "note": "Leaf chain includes ISRG Root X1 cross-sign for enterprise trust stores"
  },
  "thirdParty": {
    "scripts": false,
    "analytics": false,
    "advertising": false,
    "cdn": false,
    "websockets": false,
    "cookies": false
  },
  "network": {
    "pollingIntervalSeconds": "1–6",
    "corporateNatFriendly": true,
    "description": "Same-origin HTTPS POST only; works through SSL inspection when corporate root CA is trusted"
  },
  "data": {
    "accountsRequired": false,
    "sessionEphemeral": true,
    "exportClientSide": true,
    "piiGuidance": "Do not enter sensitive personal data on cards; export before room expiry"
  },
  "securityHeaders": [
    "Strict-Transport-Security (preload)",
    "Content-Security-Policy (default-src self, no third-party connect)",
    "X-Frame-Options DENY",
    "Cross-Origin-Opener-Policy same-origin",
    "Cross-Origin-Resource-Policy same-origin",
    "Permissions-Policy (sensors disabled)"
  ],
  "documentation": {
    "networkHelp": "https://retroep.com/network-help/",
    "itAllowlist": "https://retroep.com/network-help/it-allowlist/",
    "securityTxt": "https://retroep.com/.well-known/security.txt"
  },
  "contentSecurityPolicy": "default-src 'self'; connect-src 'self'; script-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests"
}
