Security / Security Headers

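Add the following security headers to your next.config.js file to improve the security of your app. The rule below matches every route, and the Strict-Transport-Security header only takes effect when the app is served over HTTPS: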

/next.config.js

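/**
 * Next.js configuration: React strict mode, the remote-image host allowlist,
 * and a baseline set of security response headers sent on every route.
 *
 * @type {import('next').NextConfig}
 */
const nextConfig = {
  reactStrictMode: true,
  images: {
    // Allowlist of remote hosts the Next.js <Image> component may load via
    // src={}. Keep it limited to hosts the app really uses, since each entry
    // is a host the image optimizer is willing to fetch from.
    // NOTE(review): newer Next.js releases deprecate `images.domains` in
    // favour of `images.remotePatterns` — check the version you run.
    domains: [
      "lh3.googleusercontent.com",
      "pbs.twimg.com",
      "images.unsplash.com",
      "logos-world.net",
    ],
  },
  /**
   * Custom response headers.
   *
   * Next.js requires headers() to resolve to an ARRAY of rule objects, each
   * with a `source` path pattern and a `headers` list. Returning a bare
   * object (as the original listing did) is rejected as an invalid config,
   * so none of the headers would be applied.
   *
   * This list does not include a Content-Security-Policy; that header needs
   * per-application tuning and has to be added separately.
   *
   * @returns {Promise<Array<{source: string, headers: Array<{key: string, value: string}>}>>}
   */
  async headers() {
    return [
      {
        // Apply the headers below to every path.
        source: "/(.*)",
        headers: [
          {
            // HSTS: browsers use HTTPS only for one year (31536000 s), on this
            // host and all subdomains. `preload` opts in to browser preload
            // lists, which is slow to undo — confirm every subdomain serves
            // HTTPS before shipping this value.
            key: "Strict-Transport-Security",
            value: "max-age=31536000; includeSubDomains; preload",
          },
          {
            // Forbid rendering the app inside any frame (clickjacking defence).
            key: "X-Frame-Options",
            value: "DENY",
          },
          {
            // Stop browsers from MIME-sniffing away from the declared
            // Content-Type.
            key: "X-Content-Type-Options",
            value: "nosniff",
          },
          {
            // Full URL as referrer on same-origin requests, origin only on
            // cross-origin requests, nothing on an HTTPS -> HTTP downgrade.
            key: "Referrer-Policy",
            value: "strict-origin-when-cross-origin",
          },
        ],
      },
    ];
  },
};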
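
// Export the config object (CommonJS form) so it is what next.config.js provides.
module.exports = nextConfig;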