CSP is an important protection against some of the higher risk web vulnerabilities and the official Go website doesn't currently adopt it.
Moreover CSP is a internal requirement for any website hosted on *.google.eTLD and the Go website is currently also hosted on golang.google.cn.
I can take care of fixing this or finding someone that can work on it if the proposal is accepted.
/cc @dmitshur @andybons
Comment From: andybons
This doesn't need a proposal. Feel free to submit a fix :)