From 37e817ff261ff788f80923bbbe6d25f2879094d4 Mon Sep 17 00:00:00 2001
From: Mauricio Siu <siumauricio@icloud.com>
Date: Wed, 21 Jan 2026 18:52:57 +0100
Subject: [PATCH] feat(config): add security headers to enhance application
 security

---
 apps/dokploy/next.config.mjs | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/apps/dokploy/next.config.mjs b/apps/dokploy/next.config.mjs
index a1b19d722..48231114a 100644
--- a/apps/dokploy/next.config.mjs
+++ b/apps/dokploy/next.config.mjs
@@ -19,6 +19,32 @@ const nextConfig = {
 		locales: ["en"],
 		defaultLocale: "en",
 	},
+	async headers() {
+		return [
+			{
+				// Apply security headers to all routes
+				source: "/:path*",
+				headers: [
+					{
+						key: "X-Frame-Options",
+						value: "DENY",
+					},
+					{
+						key: "Content-Security-Policy",
+						value: "frame-ancestors 'none'",
+					},
+					{
+						key: "X-Content-Type-Options",
+						value: "nosniff",
+					},
+					{
+						key: "Referrer-Policy",
+						value: "strict-origin-when-cross-origin",
+					},
+				],
+			},
+		];
+	},
 };
 
 export default nextConfig;