From b822dbee400ada00c050e98f1ab00a0632a3d88c Mon Sep 17 00:00:00 2001
From: ZGaetano <zgaetano@wilddragon.net>
Date: Fri, 1 May 2026 11:14:14 -0400
Subject: [PATCH] security: add HTTP security headers (X-Frame-Options, XCTO,
 Referrer-Policy, Permissions-Policy)

---
 next.config.ts | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/next.config.ts b/next.config.ts
index 68a6c64..f369349 100755
--- a/next.config.ts
+++ b/next.config.ts
@@ -2,6 +2,23 @@ import type { NextConfig } from "next";
 
 const nextConfig: NextConfig = {
   output: "standalone",
+  async headers() {
+    return [
+      {
+        source: "/(.*)",
+        headers: [
+          { key: "X-Frame-Options", value: "SAMEORIGIN" },
+          { key: "X-Content-Type-Options", value: "nosniff" },
+          { key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
+          {
+            key: "Permissions-Policy",
+            value: "camera=(), microphone=(), geolocation=()",
+          },
+          { key: "X-DNS-Prefetch-Control", value: "on" },
+        ],
+      },
+    ];
+  },
 };
 
 export default nextConfig;