I'd personally love a recommendation for a set of basic security guidelines for static websites. Less interested in OWASP stuff and more as you said, hosting-specific issues. This would also be a lot to cover, from using static-site deployment tools like github pages or netlify, to throwing it up on an S3 bucket and routing using Route53, to even for whatever reason configuring a VPS with nginx or apache to serve it out of a directory.
This could further be extended to static sites that want do some authentication, covering which providers are best for that, basic security for using solutions like firebase for hosting and database, etc.
This could further be extended to static sites that want do some authentication, covering which providers are best for that, basic security for using solutions like firebase for hosting and database, etc.