chore: add security headers

microlinkhq · May 30, 2024 · 8c3eab1 · 8c3eab1
1 parent 11f96c4
commit 8c3eab1
Showing 1 changed file with 56 additions and 1 deletion.
diff --git a/vercel.json b/vercel.json
@@ -1,4 +1,59 @@
 {
+  "headers": [
+    {
+      "source": "/(.*)",
+      "headers": [
+        {
+          "key": "content-security-policy",
+          "value": "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"
+        },
+        {
+          "key": "cross-origin-opener-policy",
+          "value": "same-origin"
+        },
+        {
+          "key": "cross-origin-resource-policy",
+          "value": "same-origin"
+        },
+        {
+          "key": "origin-agent-cluster",
+          "value": "?1"
+        },
+        {
+          "key": "referrer-policy",
+          "value": "no-referrer"
+        },
+        {
+          "key": "strict-transport-security",
+          "value": "max-age=15552000; includeSubDomains"
+        },
+        {
+          "key": "x-content-type-options",
+          "value": "nosniff"
+        },
+        {
+          "key": "x-dns-prefetch-control",
+          "value": "off"
+        },
+        {
+          "key": "x-download-options",
+          "value": "noopen"
+        },
+        {
+          "key": "x-frame-options",
+          "value": "SAMEORIGIN"
+        },
+        {
+          "key": "x-permitted-cross-domain-policies",
+          "value": "none"
+        },
+        {
+          "key": "x-xss-protection",
+          "value": "0"
+        }
+      ]
+    }
+  ],
   "redirects": [
     {
       "source": "/adblock",
@@ -197,4 +252,4 @@
       "destination": "/docs/api/parameters/waitUntil"
     }
   ]
-}
+}