diff --git a/de.systopia.civiproxy-0.6.0.tar.gz b/de.systopia.civiproxy-0.6.0.tar.gz
new file mode 100644
index 0000000..26fd7bf
Binary files /dev/null and b/de.systopia.civiproxy-0.6.0.tar.gz differ
diff --git a/proxy/config.dist.php b/proxy/config.dist.php
index 7ddeef4..703b270 100644
--- a/proxy/config.dist.php
+++ b/proxy/config.dist.php
@@ -52,7 +52,6 @@ $target_open = $target_civicrm . '/civicrm/mailing/open';
 #$target_url = $target_civicrm . '/sites/all/modules/civicrm/extern/url.php';
 #$target_open = $target_civicrm . '/sites/all/modules/civicrm/extern/open.php';
-
 /****************************************************************
 ** GENERAL OPTIONS **
 ****************************************************************/
@@ -91,6 +90,23 @@ if (file_exists(dirname(__FILE__)."/secrets.php")) {
 require "secrets.php";
 }
+// Parameter whitelisting for open tracking and URL tracking
+// basic civicrm URL/open parameter are u, q and qid (as int)
+// If additional parameters are needed, best practise would be to whitelist each one as needed in
+// $valid_url_parameters and/or $valid_open_parameters.
+// Alternatively it is also possible to allow all parameters with the wildcard parameter '*' => 'string'
+$valid_url_parameters = [
+ 'u' => 'int',
+ 'q' => 'int',
+ 'qid' => 'int',
+// '*' => 'string' // whildcard, whitelist all url parameters
+];
+$valid_open_parameters = [
+ 'u' => 'int',
+ 'q' => 'int',
+ 'qid' => 'int',
+// '*' => 'string' // wildcard, whitelist *all* open parameters
+];
 /****************************************************************
 ** File Caching Options **
diff --git a/proxy/open.php b/proxy/open.php
index c4e1200..fb45410 100644
--- a/proxy/open.php
+++ b/proxy/open.php
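Review bot: The shipped `$valid_url_parameters` default leaves the `'*' => 'string'` wildcard commented out, whereas the inline whitelist that `proxy/url.php` carried before this commit included it, so tracked links that pass anything beyond `u`, `q` and `qid` will now have those parameters silently dropped on redirect; the comment block presents the wildcard only as an option and should state the change, e.g. `// NOTE: earlier releases forwarded all url parameters; whitelist any extra parameter your mailings rely on here.` It would also help operators to say what the wildcard costs, since `'*' => 'string'` forwards every incoming query parameter to the CiviCRM target with only string typing, which is exactly what the per-name whitelist is meant to prevent. The `whildcard` in the url comment should read `wildcard`.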
@@ -16,11 +16,5 @@ if (!$target_open) civiproxy_http_error("Feature disabled", 405);
 // basic check
 civiproxy_security_check('open');
-// basic restraints
-$valid_parameters = [
- 'q' => 'int',
- 'qid' => 'int',
-];
-
-$parameters = civiproxy_get_parameters($valid_parameters);
+$parameters = civiproxy_get_parameters($valid_open_parameters);
 civiproxy_redirect($target_open, $parameters);
diff --git a/proxy/url.php b/proxy/url.php
index 83555cd..b68839c 100644
--- a/proxy/url.php
+++ b/proxy/url.php
@@ -16,11 +16,5 @@ if (!$target_url) civiproxy_http_error("Feature disabled", 405);
 // basic check
 civiproxy_security_check('url');
-// basic restraints
-$valid_parameters = array( 'u' => 'int',
- 'q' => 'int',
- 'qid' => 'int',
- '*' => 'string');
-
-$parameters = civiproxy_get_parameters($valid_parameters);
+$parameters = civiproxy_get_parameters($valid_url_parameters);
 civiproxy_redirect($target_url, $parameters);
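Review bot: `civiproxy_get_parameters($valid_open_parameters)` now depends on a global that only the updated `config.dist.php` defines, so a deployment whose `config.php` was copied from an earlier release leaves `$valid_open_parameters` undefined, and how `civiproxy_get_parameters()` treats a null whitelist is not visible in this diff; the script should fail closed on its own instead of relying on that, e.g. `if (!isset($valid_open_parameters)) civiproxy_http_error("Feature not configured", 500);` placed before the call. The same applies to `$valid_url_parameters` in the `proxy/url.php` hunk below. Both scripts' preamble (includes and the feature-enabled check) starts above the hunk.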