Requirement (Gold level): Secured delivery against man-in-the-middle (MITM) attacks

[UlisesGascon]

We agreed on #1175 to open an issue to follow up a discussion about this requirement for Node.js (cc: @mhdawson @ljharb @RafaelGSS)

The project website, repository (if accessible via the web), and download site (if separate) MUST include key hardening headers with nonpermissive values. (URL required)

Context

• Discussion during the last meeting (Minute 48:08)
• CII Best Practices: Security
• Team Discussion

Potential actions

TBD

[ljharb]

I assume if the website has CORS and HSTS set up, this will be satisfied.

[github-actions]

This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made.

[github-actions]

This issue has been inactive for 90 days. It will be closed in 14 days unless there is further activity or the stale label is taken off.

[github-actions]

This issue has been inactive for 90 days. It will be closed in 14 days unless there is further activity or the stale label is taken off.

[ljharb]

all the issues in this repo are probably never stale

[github-actions]

This issue has been inactive for 90 days. It will be closed in 14 days unless there is further activity or the stale label is taken off.