hellotham / hello-astro

Hello Astro is a multi-purpose Astro starter theme written in TypeScript, TailwindCSS and AlpineJS. It supports Markdown and MDX based pages and blog posts.
https://hellotham.github.io/hello-astro
MIT License
158 stars 55 forks

[enhancement] How can we fix Content Security Policy, Subresource Integrity and X-Content-Type-Options.. #21

Open mobilelifeful opened 1 year ago

mobilelifeful commented 1 year ago

https://observatory.mozilla.org/analyze/hellotham.github.io

Thank you.

ChristineTham commented 1 year ago

Hello

Unfortunately, the implementation of the X-Frame-Options header and Content Security Policy's frame-ancestors is deployment-dependent and must be implemented in the web server, not as meta tags in the code.

In any case, content security policy is not a set-and-forget setting, so it's best that this is something you review and declare yourself.
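
Added example, not part of the thread or of the hello-astro code: a small Node.js check of the point made in the reply above, that framing controls placed in `<meta>` tags are not enforced and have to come from the web server's response headers. The function names and the sample page are hypothetical and constructed for illustration.

```javascript
// Directives browsers ignore when a CSP is delivered via <meta>.
const META_IGNORED_DIRECTIVES = ["frame-ancestors", "report-uri", "sandbox"];
// Headers that only take effect as real HTTP response headers.
const HEADER_ONLY = ["x-frame-options", "x-content-type-options"];
// Collect <meta http-equiv="..." content="..."> pairs from an HTML string.
function metaHttpEquiv(html) {
  const found = [];
  for (const tag of html.match(/<meta\b[^>]*>/gi) || []) {
    const attr = (name) => {
      const m = tag.match(new RegExp(`\\s${name}\\s*=\\s*("([^"]*)"|'([^']*)')`, "i"));
      return m ? (m[2] ?? m[3]) : null;
    };
    const name = attr("http-equiv");
    if (name) found.push({ name: name.toLowerCase(), content: attr("content") || "" });
  }
  return found;
}
// Lower-cased directive names of a CSP string.
function directiveNames(policy) {
  return policy.split(";").map((d) => d.trim().split(/\s+/)[0].toLowerCase()).filter(Boolean);
}

// Report controls that are declared in markup but never enforced, and
// controls missing from the response headers the host actually sends.
function auditFramingControls(html, responseHeaders) {
  const headers = Object.fromEntries(
    Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), v]));
  const findings = [];
  for (const { name, content } of metaHttpEquiv(html)) {
    if (HEADER_ONLY.includes(name)) findings.push(`meta ${name} is ignored; send it as a response header`);
    if (name !== "content-security-policy") continue;
    for (const d of directiveNames(content)) {
      if (META_IGNORED_DIRECTIVES.includes(d)) findings.push(`meta CSP ${d} is ignored; set it in the header`);
    }
  }
  const headerCsp = directiveNames(headers["content-security-policy"] || "");
  if (!headerCsp.includes("frame-ancestors") && !("x-frame-options" in headers))
    findings.push("no framing control in response headers");
  if ((headers["x-content-type-options"] || "").toLowerCase() !== "nosniff")
    findings.push("X-Content-Type-Options: nosniff missing from response headers");
  return findings;
}

// Constructed sample input: a page that tries to set everything in markup.
const SAMPLE_HTML = `<head>
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-ancestors 'none'">
<meta http-equiv="X-Frame-Options" content="DENY">
</head>`;
console.log(auditFramingControls(SAMPLE_HTML, { "Content-Type": "text/html" }));
```

Pass the headers your deployment actually returns as the second argument; an empty result means the framing and sniffing controls are being delivered where browsers enforce them.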