MapQueueBeta

Security

How MapQueue protects players

MapQueue is a beta community platform. The goal is to keep player risk low, ask for only the access needed to run playtests, and make the trust model clear before anyone joins a queue or server.

What we never ask for

  • No Steam password.
  • No Steam Guard code.
  • No inventory trade confirmation.
  • No custom launcher, anti-cheat, executable, DLL, script, or browser extension.

How Steam login works

Steam login redirects to Steam Community OpenID and returns only a public SteamID. MapQueue does not see, receive, or store Steam credentials. Players should only enter Steam credentials on steamcommunity.com.

Server safety model

  • The website sends normal CS2 connect information for approved playtest matches.
  • CS2 server control uses server-side RCON secrets that are not sent to the browser.
  • Admin actions are restricted to authenticated admin users.
  • Browser sessions use signed httpOnly cookies and same-site request checks for unsafe API methods.
  • Security headers are applied globally, including frame blocking, content type protection, and a CSP.

Safe beta checklist

  • Use the official MapQueue domain or Discord links shared by admins.
  • Do not download files from players who claim they are required for MapQueue.
  • Report suspicious links, impersonation, or requests for credentials through Support or Discord.
  • Keep Steam and CS2 updated before joining community servers.