From 1adbd5eee6ac1063506ce624235b04d1bee8461c Mon Sep 17 00:00:00 2001
From: Guras <sandro.guras@pm.me>
Date: Wed, 24 Jul 2024 16:58:24 -0400
Subject: [PATCH] added security headers via _headers file

X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cross-Origin-Opener-Policy: same-origin
---
 public/_headers | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 public/_headers

diff --git a/public/_headers b/public/_headers
new file mode 100644
index 00000000..a04e3e60
--- /dev/null
+++ b/public/_headers
@@ -0,0 +1,8 @@
+# Apply these headers to all pages
+/*
+  X-Frame-Options: SAMEORIGIN
+  X-XSS-Protection: 1; mode=block
+  X-Content-Type-Options: nosniff
+  Referrer-Policy: strict-origin-when-cross-origin
+  Strict-Transport-Security: max-age=31536000; includeSubDomains
+  Cross-Origin-Opener-Policy: same-origin
\ No newline at end of file