From efc3a8805291096d1a6e19de9b9d155e228b8b39 Mon Sep 17 00:00:00 2001
From: MayaTheShy
Date: Sun, 22 Mar 2026 02:57:13 -0400
Subject: [PATCH] Add security headers to nginx configuration for enhanced protection
---
 web/client/nginx.conf | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/web/client/nginx.conf b/web/client/nginx.conf
index 65cb3ab..1528705 100644
--- a/web/client/nginx.conf
+++ b/web/client/nginx.conf
@@ -9,6 +9,15 @@ server {
 root /usr/share/nginx/html;
 index index.html;
+ server_tokens off;
+
+ # Security headers
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Frame-Options "DENY" always;
+ add_header X-XSS-Protection "0" always;
+ add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+ add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
+ # Serve static files, fallback to index.html for SPA routing
 location / {
 try_files $uri $uri/ /index.html;
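Review bot: The five `add_header` lines sit at `server` level, and nginx inherits `add_header` from the enclosing level only when a block declares no `add_header` of its own, so any `location` that sets, say, a `Cache-Control` header would silently serve responses without these headers. Only the start of `location /` is visible in the hunk, so whether that happens in this file cannot be confirmed from here; a comment such as `# add_header is not inherited by a location that sets its own add_header; repeat these headers there` above the group would guard against a later regression. The set also has no `Content-Security-Policy`, so `X-Frame-Options` is the only framing control; adding `frame-ancestors 'none'` through a CSP would be the modern equivalent, and is worth a follow-up if it is not set elsewhere.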