Recently, I checked my website's security headers using Security Headers by Snyk - https://securityheaders.com/ - to analyse the HTTP response headers of the website. Security Headers has a grading system for results.
I also checked this blog.
Hmm, Grade D. Only the X-Content-Type-Options security header is implemented on Blogger blogs.
Now, if this were a normal website, that would be an easy fix. Just add the following security headers at the beginning of the .htaccess file:
# Add X-Content-Type-Options header
Header set X-Content-Type-Options "nosniff"
# Protect against "ClickJacking" attacks
Header always set X-Frame-Options "SAMEORIGIN"
# Add a Referrer-Policy
Header set Referrer-Policy "no-referrer-when-downgrade"
# Add a Strict-Transport-Security header
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains;"
# Add a Permissions-Policy header
Header set Permissions-Policy "geolocation=(self), microphone=(self), camera=(self), fullscreen=*, accelerometer=(self), autoplay=(self)"
But there is no such thing for a Blogger-based blog.
I've yet to find a way to implement the extra security headers on Blogger.
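To confirm which of the five headers from the .htaccess snippet a response actually carries, a small offline checker can be run over a captured response head. This is an added example, not code from the original post; the function name `audit_headers`, the value checks and both sample responses are assumptions constructed for illustration, and it does not reproduce the grading used by securityheaders.com.

```python
import re

def _hsts_ok(value):
    # HSTS only has effect with a positive max-age; max-age=0 switches it off.
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return bool(m) and int(m.group(1)) > 0

# The five headers set in the .htaccess snippet, each with a basic value check
# (the checks themselves are this example's choice, not a standard).
CHECKS = {
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "referrer-policy": lambda v: bool(v.strip()),
    "strict-transport-security": _hsts_ok,
    "permissions-policy": lambda v: bool(v.strip()),
}

def audit_headers(raw_head):
    """Return {header: 'ok' | 'missing' | 'invalid'} for a raw HTTP response head."""
    seen = {}
    for line in raw_head.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                               # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:                                 # header names are case-insensitive
            seen.setdefault(name.strip().lower(), value.strip())
    report = {}
    for name, check in CHECKS.items():
        if name not in seen:
            report[name] = "missing"
        else:
            report[name] = "ok" if check(seen[name]) else "invalid"
    return report

# Constructed sample: only X-Content-Type-Options present, as described for Blogger.
BLOGGER_LIKE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n"
                "X-Content-Type-Options: nosniff\r\n\r\n<html>")
# Constructed sample: a site serving the .htaccess headers shown above.
HTACCESS_SITE = ("HTTP/1.1 200 OK\r\nx-content-type-options: nosniff\r\n"
                 "X-Frame-Options: SAMEORIGIN\r\n"
                 "Referrer-Policy: no-referrer-when-downgrade\r\n"
                 "Strict-Transport-Security: max-age=31536000; includeSubDomains;\r\n"
                 "Permissions-Policy: geolocation=(self), fullscreen=*\r\n\r\n")

if __name__ == "__main__":
    for label, head in (("blogger-like", BLOGGER_LIKE), ("htaccess", HTACCESS_SITE)):
        print(label, audit_headers(head))
```

A live response head can be captured with `curl -sI` and passed to `audit_headers` as a string.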