From d2f1a4471607443234169ee8150e4d2d0488a08f Mon Sep 17 00:00:00 2001
From: Jennifer Echenim <echenimjennifer@gmail.com>
Date: Wed, 20 Mar 2024 13:47:00 +0400
Subject: [PATCH 1/2] fix build error

---
 tools/walletextension/frontend/src/components/head-seo.tsx | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/walletextension/frontend/src/components/head-seo.tsx b/tools/walletextension/frontend/src/components/head-seo.tsx
index fa3af3f4ea..b8fc555880 100644
--- a/tools/walletextension/frontend/src/components/head-seo.tsx
+++ b/tools/walletextension/frontend/src/components/head-seo.tsx
@@ -21,6 +21,7 @@ const HeadSeo = ({
       {/* Beagle Security */}
       <meta
         name="_vgeujvlkxz15hyr8vbuvqxnfmzlkm059"
+        // @ts-ignore
         signature="_vd3udx2g2hfn9zclob5cat43b94q7fyk"
       ></meta>
       {/* twitter metadata */}

From 52baa00f2ca770330a763f53ca4b570d7d6e68a0 Mon Sep 17 00:00:00 2001
From: Jennifer Echenim <echenimjennifer@gmail.com>
Date: Wed, 20 Mar 2024 16:25:43 +0400
Subject: [PATCH 2/2] Add security meta tags

---
 tools/walletextension/frontend/src/components/head-seo.tsx | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tools/walletextension/frontend/src/components/head-seo.tsx b/tools/walletextension/frontend/src/components/head-seo.tsx
index b8fc555880..26a475374a 100644
--- a/tools/walletextension/frontend/src/components/head-seo.tsx
+++ b/tools/walletextension/frontend/src/components/head-seo.tsx
@@ -24,6 +24,11 @@ const HeadSeo = ({
         // @ts-ignore
         signature="_vd3udx2g2hfn9zclob5cat43b94q7fyk"
       ></meta>
+      {/* SECURITY: to prevent the page from being loaded in an iFrame */}
+      <meta http-equiv="X-Frame-Options" content="deny"></meta>
+      {/* to indicate the browser shouldn't interpret the response as something other than the specified content type */}
+      <meta http-equiv="X-Content-Type-Options" content="nosniff"></meta>
+      {/* The Content-Security-Policy header is used to prevent a wide range of attacks, including Cross-Site Scripting (XSS) and other cross-site injections. */}
       {/* twitter metadata */}
       <meta name="twitter:card" content="summary_large_image" />
       <meta name="twitter:site" content={siteMetadata.twitterHandle} />