
Security Headers not Active

Open LibenHailu opened this issue 5 months ago • 4 comments

Current Behavior

We've recently added security headers such as Content-Security-Policy (CSP) and X-Frame-Options to enhance security and to prevent Clickjacking. However, they don't appear to be active. You can verify this by scanning the URL at securityheaders.com.

Desired Situation

Our goal is to improve the rating on securityheaders to at least a B, ideally an A.

Contributor Resources and Handbook

The layer5.io website uses Gatsby, React, and GitHub Pages. Site content is found under the master branch.

Join the Layer5 Community by submitting your community member form.

LibenHailu avatar Jul 22 '25 15:07 LibenHailu

@ShashaankS @saurabhraghuvanshii

LibenHailu avatar Jul 22 '25 15:07 LibenHailu

@LibenHailu https://github.com/layer5io/layer5/pull/6649 This PR fixes this issue, removing the existing security header setup as GitHub Pages doesn't support it. Adding a frame-busting script to stop reframing of websites.

ShashaankS avatar Jul 22 '25 15:07 ShashaankS
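
A check for the situation discussed above, added here as an example and not taken from the thread or the layer5 code base: it reports whether anti-framing protection actually arrives as an HTTP response header, and lists `<meta http-equiv>` substitutes that browsers ignore (`X-Frame-Options`, and the CSP directives `frame-ancestors`, `report-uri` and `sandbox`). The function names, sample headers and sample HTML are constructed; how the site originally set its headers is not stated on the page, so meta tags are an assumption.

```javascript
// Added example: sample inputs below are constructed, not captured from layer5.io.
// CSP directives that browsers ignore when the policy arrives in a <meta> tag.
const META_IGNORED = ["frame-ancestors", "report-uri", "sandbox"];

// Read one quoted attribute value out of a single tag string.
function attr(tag, name) {
  const m = tag.match(new RegExp("\\s" + name + "\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)')", "i"));
  return m ? (m[1] !== undefined ? m[1] : m[2]) : "";
}

// "default-src 'self'; frame-ancestors 'none'" -> ["default-src", "frame-ancestors"]
function directiveNames(policy) {
  return policy.split(";").map((d) => d.trim().split(/\s+/)[0].toLowerCase()).filter(Boolean);
}

// headers: response headers as an object; html: the page source as a string.
function auditFramingDefenses(headers, html) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  // Only real response headers can restrict framing.
  const viaCsp = directiveNames(h["content-security-policy"] || "").includes("frame-ancestors");
  const viaXfo = /^(deny|sameorigin)$/i.test((h["x-frame-options"] || "").trim());
  const ignored = [];
  for (const tag of html.match(/<meta\b[^>]*>/gi) || []) {
    const equiv = attr(tag, "http-equiv").toLowerCase();
    if (equiv === "x-frame-options") ignored.push("meta X-Frame-Options");
    if (equiv === "content-security-policy") {
      for (const d of directiveNames(attr(tag, "content"))) {
        if (META_IGNORED.includes(d)) ignored.push("meta CSP " + d);
      }
    }
  }
  return { headerEnforced: viaCsp || viaXfo, ignored };
}

// Constructed response from a static host that sends no custom headers.
const SAMPLE_HEADERS = { "Content-Type": "text/html; charset=utf-8" };
const SAMPLE_HTML = `<head>
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-ancestors 'none'">
<meta http-equiv="X-Frame-Options" content="DENY">
</head>`;
console.log(auditFramingDefenses(SAMPLE_HEADERS, SAMPLE_HTML));
```
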

Is this issue still open? I would like to work on it.

SplinterSword avatar Sep 07 '25 15:09 SplinterSword

Sure @SplinterSword

vr-varad avatar Sep 07 '25 15:09 vr-varad