You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix: Observatory alert threshold D→F (D is max achievable on GitHub Pages)
GitHub Pages cannot set HSTS/X-Frame-Options/X-Content-Type-Options HTTP
headers. The current D/35 score is the maximum achievable without Cloudflare.
Changed threshold to only alert on F. Also removed @claude auto-fix trigger
from Observatory issue body to prevent unwanted AI-generated changes.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
'[View the full Observatory report](https://observatory.mozilla.org/analyze/icube-emu.com)',
498
-
'**Fixable via `<meta>` tag (implemented in `src/app/layout.tsx`):**\n- Content Security Policy\n- Referrer-Policy',
499
-
'**Requires HTTP headers (not possible on GitHub Pages without Cloudflare):**\n- `Strict-Transport-Security` (HSTS)\n- `X-Frame-Options`\n- `X-Content-Type-Options`',
499
+
'> **⚠️ GitHub Pages limitation:** `Strict-Transport-Security` (HSTS, 25 pts), `X-Frame-Options` (5 pts), and `X-Content-Type-Options` (5 pts) require HTTP response headers which GitHub Pages cannot set. The maximum achievable score without Cloudflare is ~35/100 (grade D). To reach A/B, route traffic through Cloudflare and add headers via a Transform Rule.',
500
+
'**Already implemented via `<meta>` tag (`src/app/layout.tsx`):**\n- Content Security Policy\n- Referrer-Policy',
500
501
`_Auto-opened by [Site Audit](${runUrl})_`,
501
-
'> **⚠️ GitHub Pages limitation:** HSTS (`Strict-Transport-Security`) and `X-Frame-Options` require HTTP response headers which GitHub Pages cannot set. The maximum achievable score on GitHub Pages is ~55/100 (grade C). To reach A/B, route traffic through Cloudflare (free plan) and add headers via a Cloudflare Transform Rule.',
502
-
`@claude Please check the current Observatory score and investigate what can still be improved. Some headers can be set via \`<meta>\` tags (CSP, referrer-policy). Check \`src/app/layout.tsx\` for the existing CSP meta tag and update it if needed.\n\n**Steps:**\n1. Review [the report](https://observatory.mozilla.org/analyze/icube-emu.com) — identify any remaining fixable issues\n2. Create a working branch: \`git checkout -b claude/fix-security-headers\`\n3. Update the CSP in \`src/app/layout.tsx\` if any issues are fixable via meta tag\n4. Push and create a PR: \`git push -u origin HEAD && gh pr create --title "fix: improve security headers" --base main\`\n5. Enable auto-merge: \`gh pr merge --auto --squash\``,
0 commit comments