feat: implement security headers for enhanced protection against clickjacking, MIME-sniffing, and other vulnerabilities

2026-02-22 19:55:52 +01:00
parent e0bae5a728
commit 5d234b30d6
2 changed files with 22 additions and 0 deletions
--- a/next.config.ts
+++ b/next.config.ts
@@ -21,6 +21,27 @@ const nextConfig: NextConfig = {
      },
    ],
  },
+  async headers() {
+    return [
+      {
+        source: '/(.*)',
+        headers: [
+          { key: 'X-Frame-Options', value: 'DENY' },
+          { key: 'X-Content-Type-Options', value: 'nosniff' },
+          { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
+          {
+            key: 'Permissions-Policy',
+            value: 'camera=(), microphone=(), geolocation=(), interest-cohort=()',
+          },
+          { key: 'X-XSS-Protection', value: '1; mode=block' },
+          {
+            key: 'Strict-Transport-Security',
+            value: 'max-age=63072000; includeSubDomains; preload',
+          },
+        ],
+      },
+    ]
+  },
  async redirects() {
    return [
      {