Security Headers not AcitveΒ #6654
Description
Current Behavior
We've recently added security headers such as Content-Security-Policy (CSP) and X-Frame-Options to enhance security and to prevent Clickjacking.
However, they don't appear to be active. You can verify this by scanning the URL at securityheaders.com.
Desired Situation
Our goal is to improve the rating on securityheaders to at least a B, ideally an A.
Contributor Resources and Handbook
The layer5.io website uses Gatsby, React, and GitHub Pages. Site content is found under the master branch.
- π See contributing instructions.
- π¨ Wireframes and designs for Layer5 site in Figma (open invite)
- ππΎππΌ Questions: Discussion Forum and Community Slack.
Join the Layer5 Community by submitting your community member form.