Setting up the Content-Security-Policy (CSP) requires a fine-tuned configuration to allow or block the loading of resources. Here, I cover my approach to set my CSP and the reasoning behind some of my choices.

GitHub Pages offers free hosting for static sites; however, it doesn't provide any way to control the HTTP headers. This limitation directly affects multiple configuration options, and opens the door to potential vulnerabilities. With that in mind, I decided to work around it and add extra security to my website by using Cloudflare’s to control my HTTP Security Headers.