Gronod b608fa0337 fix(security #12): add helmet security response headers ...

Adds X-DNS-Prefetch-Control, X-Frame-Options, X-Content-Type-Options,
Referrer-Policy, X-XSS-Protection, HSTS (in prod) and others.
CSP disabled for now as the SPA uses inline scripts/styles; a
nonce/hash-based policy is a future hardening step.

2026-05-16 16:23:47 +01:00

3.4 KiB

Raw Blame History

View Raw