fix: security headers

Author: izadoesdev

apps/dashboard/next.config.ts

@@ -12,4 +12,38 @@ const nextConfig: NextConfig = {
   output: "standalone",
 };
 
+export function headers() {
+  return [
+    {
+      source: "/((?!demo).*)",
+      headers: [
+        {
+          key: "Strict-Transport-Security",
+          value: "max-age=31536000; includeSubDomains; preload",
+        },
+        {
+          key: "X-Content-Type-Options",
+          value: "nosniff",
+        },
+        {
+          key: "Referrer-Policy",
+          value: "strict-origin-when-cross-origin",
+        },
+        {
+          key: "Permissions-Policy",
+          value: "camera=(), microphone=(), geolocation=()",
+        },
+        {
+          key: "X-Frame-Options",
+          value: "DENY",
+        },
+        {
+          key: "Content-Security-Policy",
+          value: "frame-ancestors 'none'",
+        },
+      ],
+    },
+  ];
+}
+
 export default nextConfig;