Closed CluEleSsUK closed 1 year ago
Linking PR: https://github.com/drand/timevault/pull/42
copying my comment from the PR here for completeness:
I hoped to add: x-frame-options, x-content-type-options and permissions-policy too, but this isn't possible via tags, and GitHub Pages on cloud enterprise doesn't have an option to manage response headers >.> I checked and strict transport security is already enabled
edit: STS is enabled for me but wasn't a response header - perhaps I inherited it from drand.love mainsite
update: indeed, when I open it in incognito, this also isn't set - HTTP gets redirected to HTTPS though
We could also put it behind Cloudflare, I guess.
Agree - I think that’s the simplest option
We now have Cloudflare in front of the GitHub Pages
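
The limitation discussed in this thread can be checked mechanically. The following is an added example, not code from the timevault repository or the linked PR: it compares a page's response headers with its `<meta http-equiv>` tags and flags the headers named above that appear only in markup, where browsers ignore them. The `audit` function, the sample page and the Content-Security-Policy case (not mentioned in the thread) are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Headers named in the thread; browsers honour these only as HTTP response
# headers, never as <meta http-equiv> tags.
HEADER_ONLY = (
    "strict-transport-security",
    "x-frame-options",
    "x-content-type-options",
    "permissions-policy",
)

class MetaCollector(HTMLParser):
    """Collects the lower-cased http-equiv names of all <meta> tags."""
    def __init__(self):
        super().__init__()
        self.http_equiv = set()

    def handle_starttag(self, tag, attrs):
        if tag == "meta":
            name = dict(attrs).get("http-equiv")
            if name:
                self.http_equiv.add(name.strip().lower())

def audit(headers, html):
    """Return {header: 'header' | 'meta-only' | 'meta' | 'missing'}."""
    sent = {k.lower() for k in headers}
    meta = MetaCollector()
    meta.feed(html)
    report = {}
    for name in HEADER_ONLY:
        if name in sent:
            report[name] = "header"
        elif name in meta.http_equiv:
            report[name] = "meta-only"  # in markup, but ignored by browsers
        else:
            report[name] = "missing"
    # CSP (assumption: not named in the thread) can be delivered by a meta tag,
    # except for directives such as frame-ancestors, so a meta tag counts here.
    csp = "content-security-policy"
    report[csp] = ("header" if csp in sent
                   else "meta" if csp in meta.http_equiv else "missing")
    return report

# Constructed sample: a static page served without custom response headers.
SAMPLE_HEADERS = {"Content-Type": "text/html; charset=utf-8"}
SAMPLE_HTML = """<html><head>
<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
<meta http-equiv="X-Frame-Options" content="DENY">
</head><body></body></html>"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE_HEADERS, SAMPLE_HTML).items():
        print(f"{name}: {status}")
```

Anything reported as `meta-only` or `missing` has to be set by whatever sits in front of the static host, which is the role Cloudflare takes here.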