Open
Description
We agreed on #1175 to open an issue to follow up a discussion about this requirement for Node.js (cc: @mhdawson @ljharb @RafaelGSS)
The project website, repository (if accessible via the web), and download site (if separate) MUST include key hardening headers with nonpermissive values. (URL required)
Context
- Discussion during the last meeting (Minute 48:08)
- CII Best Practices: Security
- Team Discussion
Potential actions
TBD