File: next.config.js
Fix: Add a headers() export to next.config.js applied to all routes (source: '/(.*)'): X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Referrer-Policy: strict-origin-when-cross-origin, Permissions-Policy: camera=(), microphone=(), geolocation=(), and a Content-Security-Policy that restricts script-src to 'self' plus Framer Motion's requirements. Also set poweredByHeader: false to remove the X-Powered-By: Next.js fingerprinting header.
This issue was identified by an agentic audit tool. If this doesn't apply to your project, feel free to close it.
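A sketch of the fix described in this issue, as an added example that is not the project's own file or output of the audit tool. The helper names, the empty `EXTRA_SCRIPT_SRC` placeholder (the issue does not list what Framer Motion needs) and the `object-src`, `base-uri` and `frame-ancestors` directives are assumptions.

```javascript
// next.config.js (added example, not the project's own configuration)

// Placeholder (assumption): extra script sources the app's libraries need.
// The issue does not list them, so this starts empty.
const EXTRA_SCRIPT_SRC = [];

// Build the CSP value. Sources are validated so a stray ';' or ',' cannot
// smuggle a second directive or policy into the header.
function buildCsp(extraScriptSrc = EXTRA_SCRIPT_SRC) {
  for (const src of extraScriptSrc) {
    if (typeof src !== 'string' || src === '' || /[\s;,]/.test(src)) {
      throw new Error(`invalid CSP source expression: ${JSON.stringify(src)}`);
    }
  }
  const directives = {
    'script-src': ["'self'", ...extraScriptSrc],
    // Assumed extras, not named in the issue:
    'object-src': ["'none'"],
    'base-uri': ["'self'"],
    'frame-ancestors': ["'none'"], // CSP counterpart of X-Frame-Options: DENY
  };
  return Object.entries(directives)
    .map(([name, values]) => `${name} ${values.join(' ')}`)
    .join('; ');
}

// Header values exactly as listed in the issue.
function buildSecurityHeaders() {
  return [
    { key: 'X-Frame-Options', value: 'DENY' },
    { key: 'X-Content-Type-Options', value: 'nosniff' },
    { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
    { key: 'Permissions-Policy', value: 'camera=(), microphone=(), geolocation=()' },
    { key: 'Content-Security-Policy', value: buildCsp() },
  ];
}

/** @type {import('next').NextConfig} */
const nextConfig = {
  poweredByHeader: false, // removes the X-Powered-By: Next.js header
  async headers() {
    // '/(.*)' applies the headers to every route
    return [{ source: '/(.*)', headers: buildSecurityHeaders() }];
  },
};

if (typeof module !== 'undefined') module.exports = nextConfig;
```

Serving the same policy under `Content-Security-Policy-Report-Only` first shows, in the browser console, which scripts it would block before it is enforced.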