security: add CSP headers and upgrade Font Awesome to latest version with SRI

index.html

@@ -4,13 +4,20 @@
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Paris Hotels Under 300€ Per Night</title>
+    <meta http-equiv="X-Content-Type-Options" content="nosniff">
+    <meta name="referrer" content="strict-origin-when-cross-origin">
+    <meta http-equiv="Permissions-Policy" content="geolocation=(), microphone=(), camera=(), payment=(), usb=()">
+    <!-- It's generally recommended to set X-Frame-Options as an HTTP header by the server for better protection -->
+    <!-- Example: X-Frame-Options: DENY or X-Frame-Options: SAMEORIGIN -->
+    <!-- The CSP 'frame-ancestors' directive below provides similar protection -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://unpkg.com https://umami-ikow84gco0wcw8cgsc8o08g8.reflectonai.com; style-src 'self' https://unpkg.com https://cdn.jsdelivr.net; img-src 'self' data: https://pplx-res.cloudinary.com; font-src 'self' https://cdn.jsdelivr.net; connect-src 'self' https://umami-ikow84gco0wcw8cgsc8o08g8.reflectonai.com; frame-ancestors 'none'; object-src 'none'; base-uri 'self';">
     <link rel="stylesheet" href="style.css">
     <!-- Leaflet CSS -->
     <link rel="stylesheet" href="https://unpkg.com/leaflet@1.9.4/dist/leaflet.css"
           integrity="sha256-p4NxAoJBhIIN+hmNHrzRCf9tD/miZyoHS5obTRR9BMY="
           crossorigin=""/>
     <!-- Font Awesome for icons -->
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
+    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.7.2/css/all.min.css" integrity="sha256-dABdfBfUoC8vJUBOwGVdm8L9qlMWaHTIfXt+7GnZCIo=" crossorigin="anonymous">
     <script defer src="https://umami-ikow84gco0wcw8cgsc8o08g8.reflectonai.com/script.js" data-website-id="70ad3fb0-dbf5-4c16-8a27-cfe1f6510f89"></script>
 </head>
 <body>