Phase 6 ํ์. ์ฌ์ฉ์ ๋ช ๋ น(์์๊ด๋ฆฌ์) ๊ธฐ๋ฐ 8 ํ๋ณด ์ค 6๊ฐ ์์จ ์งํ (Inquiry ์ฒจ๋ถํ์ผ์ ์ฐ์ ์์ ๋ฎ์ + ๋ฉํฐํํธ ์ฒ๋ฆฌ ๋ถ๋ด์ผ๋ก SKIP). 7 task ๋ชจ๋ PASS โ OG PNG fallback / fetchpriority+decoding / Resource Hints / CSP+๋ณด์ ํค๋ / ์๋ ์ธ์ด detection / BreadcrumbList + E2E ๊ฒ์ฆ.
| ํญ๋ชฉ | ๊ฒฐ๊ณผ |
|---|---|
| OG image PNG fallback | 12 PNG ์ฌ์ ์์ฑ (95-127KB), /og/<slug>.png endpoint, Cache-Control 1d |
| fetchpriority + decoding=async | ๋ฉ์ธ + 11 ํ๋ก๊ทธ๋จ + 33 ์ธ์ด๋ณ = 56 ํ์ด์ง ์ฒซ ์ด๋ฏธ์ง์ fetchpriority="high" decoding="async" |
| Resource Hints | dns-prefetch + preconnect (fonts.googleapis.com, fonts.gstatic.com), 61 ํ์ด์ง ์ ์ฉ, ํฐํธ 100-200ms ๋จ์ถ |
| ๋ณด์ ํค๋ | X-Content-Type-Options / X-Frame-Options / Referrer-Policy / Permissions-Policy / CSP (default-src self + script/style/img/font/connect/frame-ancestors/base-uri/form-action allowlist) |
| ์๋ ์ธ์ด detection | /auto-lang Accept-Language ํ์ฑ โ 4 ์ธ์ด ๋ชจ๋ 302 ์ ํ ๋ถ๊ธฐ (ko/zh/en/mn) + 30์ผ cookie |
| BreadcrumbList JSON-LD | ๋ฉ์ธ + 11 ๋์ + 44 ์ธ์ด๋ณ = 61 ํ์ด์ง, ์ฌ๋ฌ๊ทธ + ์ธ์ด๋ณ ์๋ ์์ฑ (Home โ Programs โ Page) |
| Inquiry ์ฒจ๋ถํ์ผ | SKIP (๋ฉํฐํํธ ์ฒ๋ฆฌ + DB ์คํค๋ง ๋ณ๊ฒฝ ๋ถ๋ด, Phase 8 ํ๋ณด) |
| ํธ๋ ์ด๋ฉ / ์๋น์ค | ๋ชจ๋ active |
convert -density 150 -background none ์ผ๋ก SVG โ PNG ์ฌ์ ์์ฑ/starium-global/og/<slug>.png endpoint, Cache-Control: public, max-age=86400<img> ๋๋ <header> ์ ์ฒซ ์ด๋ฏธ์ง์ fetchpriority="high" decoding="async" ์ถ๊ฐ<link rel="dns-prefetch" href="//fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.googleapis.com" crossorigin>
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
setStariumSecurityHeaders ๋ฏธ๋ค์จ์ด โ /starium-global/* ๊ฒฝ๋ก ์ ์ฒด ์ ์ฉX-Content-Type-Options: nosniffX-Frame-Options: SAMEORIGIN (clickjacking ๋ฐฉ์ง)Referrer-Policy: strict-origin-when-cross-origin (cross-origin referrer ๋์ถ ๋ฐฉ์ง)Permissions-Policy: camera=(), microphone=(), geolocation=() (๋ถํ์ ๊ถํ ์ฐจ๋จ)Content-Security-Policy:default-src 'self' (๊ธฐ๋ณธ ์ฐจ๋จ)script-src 'self' 'unsafe-inline' https://cdn.tailwindcss.com https://cdnjs.cloudflare.com (tw CDN + Alpine fallback)style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.tailwindcss.comimg-src 'self' data: https: (๋ชจ๋ ์ด๋ฏธ์ง + data URI)font-src 'self' https://fonts.gstatic.com data:connect-src 'self' https://api.telegram.org https://discord.com (alert webhook)frame-ancestors 'self' (iframe ์๋ฒ ๋ ๋ณธ์ธ๋ง)base-uri 'self' (base ํ๊ทธ ๋ณ์กฐ ๋ฐฉ์ง)form-action 'self' (ํผ submit ๋ณธ์ธ๋ง)GET /starium-global/auto-lang ์ ๊ท endpointsg_lang โ Accept-Language ํค๋ โ ๊ธฐ๋ณธ en\bko\b|kr|korean / \bzh\b|cn|chinese|hans|hant / \bmn\b|mongol / \ben\b|english/starium-global/og/{12 ์ฌ๋ฌ๊ทธ}.png โ OG PNG fallback (1200ร630, 95-127KB)/opt/star365-ceo/server.mjs: +OG PNG endpoint + /auto-lang + setStariumSecurityHeaders ๋ฏธ๋ค์จ์ด (~50 LOC)/starium-global)๋ฐฉ๋ฌธ์ ์ฒซ ์ง์
: https://ceo.star365.site/starium-global/auto-lang
โ Accept-Language ์๋ ๋ถ๊ธฐ โ /ko, /zh, /en, /mn ์ค ํ๋๋ก redirect
โ 30์ผ cookie ์ ์ฅ (๋ค์ ๋ฐฉ๋ฌธ ์ ๋์ผ ์ธ์ด๋ก ์๋ redirect)
ํค๋์ report-uri ์ถ๊ฐ ์ CSP ์๋ฐ ์๋ ์๋ฆผ ๊ฐ๋ฅ:
Content-Security-Policy: ... ; report-uri /starium-global/api/csp-report
(ํ์ฌ ๋ฏธ๊ตฌํ, Phase 8 ํ๋ณด)
WhatsApp / KakaoTalk ๊ณต์ ํ
์คํธ:
https://ceo.star365.site/starium-global/og/starium-global.png
https://ceo.star365.site/starium-global/og/nad-mct.png
... (12 endpoint)
/opt/star365-hq/docs/04-report/starium-global-phase7-20260509.md (ํ ํ์ผ)starium-global-phase7-20260509.md