hello-astro [enhancement] How can we fix Content Security Policy， Subresource Integrity and X-Content-Type-Options..

[enhancement] How can we fix Content Security Policy， Subresource Integrity and X-Content-Type-Options..

Open mobilelifeful opened this issue 1 year ago • 1 comments

https://observatory.mozilla.org/analyze/hellotham.github.io

Thank you.

Aug 27 '23 21:08 mobilelifeful

Hello

Unfortunately, the implementation of X-Frame-Options header and Content Security Policy’s frame-ancestors is deployment dependent and must be implemented in the web server, not as meta tags in the code.

In any case, content security policy is not a set and forget setting, so it's best that this is something you review and declare yourself.

Sep 15 '23 23:09 ChristineTham

hello-astro hello-astro copied to clipboard

[enhancement] How can we fix Content Security Policy， Subresource Integrity and X-Content-Type-Options..

hello-astro
hello-astro copied to clipboard