How to check for a new instance request
When a new instance request is submitted, follow these steps to ensure the instance meets the requirements.
Feel free to edit this page if you have additional steps to suggest.
Tip
To get notifications for every new issue or comment in the repository, enable "watch repository" on GitHub:
- Examine the source code of the instance on key pages like the channel page, home page, and popular page.
- Check for any modifications compared to a vanilla instance.
- If modifications are found and the instance does not provide a source code URL, request the modifications to be published.
- Review the page source code for tracking scripts or suspicious scripts. If you find any, request that the instance owner remove them.
- Scripts that appear strange or potentially malicious are not permitted. Common examples you may encounter are Cloudflare Web Analytics or Cloudflare JavaScript detections. However, there is also the possibility of more nefarious scripts like cryptominers or information stealers.
- To help with identifying trackers and scripts, use the network tab in your web browser's developer tools or browser extensions like uBlock Origin or uMatrix. These tools can help reveal what scripts are loading and where they originate from.
- Verify that the instance has properly configured security headers. This includes headers like
Content-Security-Policy(CSP),Strict-Transport-Security(HSTS),X-Content-Type-Options,X-Frame-Options, etc. - Use tools like Security Headers or Mozilla Observatory to audit the security headers.
- If any critical security headers are missing or misconfigured, request the instance administrator to address them.
Note
The frame-ancestors directive in the Content-Security-Policy header obsoletes the X-Frame-Options header for browsers that support CSP. If a browser supports CSP, it will ignore the X-Frame-Options header when a frame-ancestors directive is present.
- Verify that the instance has completed all the steps in the post-install configuration as outlined in the documentation, including settings like
https_only,domain, etc. - Request the RSS feed of a channel (example on the yewtu.be instance). If
https://theinstancedomain.comappears after<media:thumbnail url=", the configuration is correct.
- Ensure the instance is up-to-date, preferably no more than 2 weeks old.
- If not, request the instance to be updated and emphasize the importance of keeping it current.
- Check if the instance is behind a CDN like Cloudflare. If so, verify that it is mentioned in the "Man in the Middle" section.
- Confirm that the instance administrator has followed the two tutorials: IPv6 rotator and Improving instance performance. The IPv6 rotator is mandatory.
Use GitHub labels like "passed-checks", "passed-uptime", or "failed-checks" to assist maintainers in tracking the status of each instance.
Review the Uptime Robot link to assess the instance's uptime over the last 30 days.
If the uptime is satisfactory, repeat the initial checks outlined above.
If the instance passes all checks, add it to the end of the list in the instances.md file. Mention Cloudflare usage if applicable.
Close the issue.