Security Headers
Add the following security headers to your next.config.js
file to improve the security of your app:
/next.config.js
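/**
 * Next.js configuration: remote image allow-list plus baseline security
 * response headers applied to every route.
 *
 * NOTE(review): this list does not set a Content-Security-Policy. A CSP has
 * to be designed per application, so it is not added here.
 */
const nextConfig = {
  reactStrictMode: true,
  images: {
    // The Next.js <Image> component only loads remote images from hosts on
    // this allow-list. Keep it to the hosts the app really uses.
    // NOTE(review): newer Next.js releases deprecate `images.domains` in
    // favour of `images.remotePatterns` - confirm against the version in use.
    domains: [
      "lh3.googleusercontent.com",
      "pbs.twimg.com",
      "images.unsplash.com",
      "logos-world.net",
    ],
  },
  /**
   * Response headers added by Next.js.
   *
   * Next.js expects `headers()` to resolve to an ARRAY of rule objects,
   * each with a `source` and a `headers` list. Returning a single bare
   * object is rejected as invalid config, so the headers would never be
   * applied.
   *
   * @returns {Promise<Array<{source: string, headers: Array<{key: string, value: string}>}>>}
   */
  async headers() {
    return [
      {
        // Match every path.
        source: "/(.*)",
        headers: [
          {
            // Force HTTPS for one year. `includeSubDomains` covers every
            // subdomain and `preload` opts in to browser preload lists,
            // which is slow to undo. Check that all subdomains serve HTTPS
            // before shipping this value.
            key: "Strict-Transport-Security",
            value: "max-age=31536000; includeSubDomains; preload",
          },
          {
            // Clickjacking defence: the app may not be framed by any site.
            // CSP `frame-ancestors 'none'` is the modern equivalent.
            key: "X-Frame-Options",
            value: "DENY",
          },
          {
            // Stop browsers from MIME-sniffing responses away from the
            // declared Content-Type.
            key: "X-Content-Type-Options",
            value: "nosniff",
          },
          {
            // Send the full URL as referrer only to the same origin;
            // other origins receive just the origin.
            key: "Referrer-Policy",
            value: "strict-origin-when-cross-origin",
          },
        ],
      },
    ];
  },
};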
// CommonJS export: Next.js reads its configuration from this module's exports.
module.exports = nextConfig;