SharedArrayBuffer availability

I want to use SharedArrayBuffer in a static web app that will either run locally, or hosted in Github pages. As it has potential vulnerabilities I’ve read that in order to use it the server must send these headers:
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp

I guess setting them in a local server is easy. But, how can I make it work in Github pages?

AFAIK, GitHub pages does not allow to add custom HTTP response headers.

Oh, I see. :-/

To make it work in local server, should it be sufficient to put these headers in the HTML document header section?:
<meta name="Cross-Origin-Opener-Policy" content="same-origin">
<meta name="Cross-Origin-Embedder-Policy" content="require-corp">

I’ve tried it but SharedArrayBuffer keeps being undefined.