security-wg
Requirement (Gold level): Secured delivery against man-in-the-middle (MITM) attacks
We agreed in #1175 to open an issue to follow up on a discussion about this requirement for Node.js (cc: @mhdawson @ljharb @RafaelGSS)
The project website, repository (if accessible via the web), and download site (if separate) MUST include key hardening headers with nonpermissive values. (URL required)
Context
- Discussion during the last meeting (Minute 48:08)
- CII Best Practices: Security
- Team Discussion
Potential actions
TBD
I assume if the website has CORS and HSTS set up, this will be satisfied.
This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made.
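One way to evaluate a response against the criterion quoted in the issue, as an added example that is not part of the thread or of any Node.js project code. It assumes the four key hardening headers named in the CII Best Practices criterion details (CSP, HSTS, X-Content-Type-Options, X-Frame-Options); the HSTS threshold, the wildcard rule and the function names are assumptions of this example.

```javascript
// Added example, not Node.js project code. Header list follows the CII
// criterion details; the threshold and wildcard rule below are assumptions.
const MIN_HSTS_MAX_AGE = 15552000; // assumed floor: 180 days, in seconds

// Split a CSP value into { directive: [sources...] }.
function parseCsp(value) {
  const directives = {};
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives[name.toLowerCase()] = sources;
  }
  return directives;
}

// Returns a list of findings; an empty list means all four headers are
// present with values this example treats as nonpermissive.
function checkHardeningHeaders(rawHeaders) {
  // HTTP header names are case-insensitive, so compare on lower-cased names.
  const h = Object.fromEntries(Object.entries(rawHeaders)
    .map(([k, v]) => [k.toLowerCase(), String(v).trim()]));
  const findings = [];

  const hsts = /max-age\s*=\s*"?(\d+)/i.exec(h['strict-transport-security'] || '');
  if (!hsts) findings.push('hsts: missing or no max-age');
  else if (Number(hsts[1]) < MIN_HSTS_MAX_AGE) findings.push('hsts: max-age too short');

  if (!h['content-security-policy']) findings.push('csp: missing');
  else {
    const csp = parseCsp(h['content-security-policy']);
    const scripts = csp['script-src'] || csp['default-src'];
    if (!scripts) findings.push('csp: no default-src or script-src');
    else if (scripts.includes('*')) findings.push('csp: wildcard script source');
  }
  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff') {
    findings.push('x-content-type-options: not nosniff');
  }
  if (!/^(deny|sameorigin)$/i.test(h['x-frame-options'] || '')) {
    findings.push('x-frame-options: not DENY or SAMEORIGIN');
  }
  return findings;
}

// Constructed sample responses (not captured from any real site).
const hardened = {
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'Content-Security-Policy': "default-src 'self'",
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
};
const hstsOnly = { 'Strict-Transport-Security': 'max-age=300' };
```

Feed it the header object from a response for each of the three sites the criterion names (website, repository, download site); `hardened` returns no findings and `hstsOnly` returns four.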