From 3cd547870cd9721a7ed3048f399215ec6a32616f Mon Sep 17 00:00:00 2001
From: Marcin Rataj <lidel@lidel.org>
Date: Tue, 8 Jun 2021 15:34:37 +0200
Subject: [PATCH] docs: improved security notes

Improved README based on changes from #148
---
 README.md | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 557290d2..6ab45555 100644
--- a/README.md
+++ b/README.md
@@ -4,18 +4,27 @@
 
 View the Public Gateway Checker on GitHub Pages: https://ipfs.github.io/public-gateway-checker/
 
-[![Screenshot of Public Gateway Checker](https://gateway.ipfs.io/ipfs/QmdRug9VoYcuaSC2c5KkJuxYfYNvUWdUdZhm5VmNimjfLd)](https://ipfs.github.io/public-gateway-checker/)
+[![Screenshot of Public Gateway Checker](https://user-images.githubusercontent.com/157609/121194149-c612a300-c86e-11eb-99fc-b47335b573de.png)](https://ipfs.github.io/public-gateway-checker/)
+
+
+## SECURITY NOTES
+
+- With the exception of `ipfs.io` and `dweb.link`, all gateways listed are hosted by third parties and should be treated as such.
+- Gateways without origin isolation will be marked with ⚠️, indicating they are not safe for use cases that require private local storage of data or credentials. [Learn more](https://github.com/ipfs/public-gateway-checker/issues/150).
 
-**NOTE:** With the exception of `ipfs.io` and `dweb.link`, all gateways listed are hosted by third parties and should be treated as such.
 
 ## Adding a new public gateway
 
+
 If you'd like to add a new public gateway, please edit `gateways.json`:
 1. Add the gateway's address to the bottom of the list
 2. Make sure the final item in the list does **not** have a comma at the end, but all preceding items do
+3. If you care about security of websites loaded via your gateway, make sure it is set up as a [subdomain gateway](https://docs.ipfs.io/how-to/address-ipfs-on-web/#subdomain-gateway). See [config docs](https://github.com/ipfs/go-ipfs/blob/master/docs/config.md#gatewaypublicgateways) and  [recipes](https://github.com/ipfs/go-ipfs/blob/master/docs/config.md#gateway-recipes) for go-ipfs, and [learn more here](https://github.com/ipfs/public-gateway-checker/issues/150).
 
 Then, submit a pull request for this change. Be sure to follow all the directions in the pull request template so your PR can be triaged as quickly as possible.
 
+
+
 ## Testing locally
 
 ```console